Author Topic: Win32:Trojan-gen{Other}  (Read 11128 times)


Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #15 on: February 22, 2009, 11:03:07 PM »
Hello All,

I too registered exactly the same item at exactly the same time. This smells like a false positive.

However I shall wait for the clearance from the experts and gurus.

Hope there's a quick Avast response!

Avastfan1

PS: @Tech: I found this related thread by chance and it didn't show up in the search function? :S
Windows 7 Home Premium - Avast Pro 7.0.1474 - PC Tools Firewall Plus 7.0.0.123 - MBAM 1.70 - Firefox 17.0.1 - NoScript 2.6.4.2 - Adblock Plus 2.2.1

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32938
  • malware fighter
Re: Win32:Trojan-gen{Other}
« Reply #16 on: February 22, 2009, 11:18:45 PM »
Hi Avastfan1,

Reassuring info here: http://spywarefiles.prevx.com/RRHJEF9220657/MOTA113.EXE.html
But also this: Super(R) is SPYWARE and MALWARE. Check c:\Windows directory, you will find files like meta4.exe, mota113.exe, x2.64.exe, system32\x.264.exe and others. Google those file-names, and pray you did not enter credit card info on your computer....owned:
Or upload the file in question to virustotal.com and give us the results,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #17 on: February 22, 2009, 11:36:23 PM »
Hi Polonus,

Thanks for the information. I was initially reassured with your first link. Then I read the second part about Super(R) and now feel very worried and scared :(

I did indeed find those files in my windows directory. Should I delete them?

I uninstalled Super(R) immediately following your advice.

However it didn't uninstall those files. I have scanned my computer with the following programs and none of them recognised any of those files except Avast. I have had Super(R) installed for a long time and Avast NEVER once alerted me to spyware or adware.

Even the other anti-spyware/anti-malware programs (please see below) have never raised an issue with it.

Please help me Polonus!! :O

Thanks!!

Avastfan1

------------------------

Malwarebytes - No infections
Kaspersky online scan - no infections
SuperantiSpyware - no infections
ZA Anti-spyware - no infections
Hijackthis Log - no red cross items (sent to http://www.hijackthis.de/)
Avast - refer to previous post
Rootalyzer - no infections
Blacklight anti-rootkit - no infections



Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #18 on: February 22, 2009, 11:48:48 PM »
Hi Polonus,

Here are the results for those files:

meta4.exe
jotti.org - found nothing
virustotal - only 2/39:
1) CAT-QuickHeal found (Suspicious) - DNAScan
2) eSafe found Suspicious File

x2.64.exe
jotti.org - found nothing
virustotal - only 3/39:
1) CAT-QuickHeal found (Suspicious) - DNAScan
2) eSafe found Suspicious File
3) Sunbelt found Trojan.Win32.Packed.gen (v)

system32\x.264.exe
jotti.org - found nothing
virustotal - only 1/39:
1) eSafe found Suspicious File

Please note: I can't upload MOTA113.exe because when the Avast alert sounded - I ticked 'no action' and this seems to be preventing me from uploading the file.

PLEASE, PLEASE, PLEASE help me Polonus! I am not an expert at all, but I've always tried to keep my anti-virus, anti-spyware and anti-malware up to date.

Thanks!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67259
Re: Win32:Trojan-gen{Other}
« Reply #19 on: February 22, 2009, 11:55:01 PM »
https://www.virustotal.com/analisis/08816bf11f8403c244d934310c96465f
It's not easy to say... maybe a false positive, maybe, on the contrary, avast is one of the first to detect it...
The best things in life are free.

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #20 on: February 22, 2009, 11:56:55 PM »
Hi Tech,

Thanks for the information. I am really beginning to get worried now.

Two Avast Gurus (yourself and Polonus) have both expressed concerns with this.

What should I do? :O

Please help!

Avastfan1

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67259
Re: Win32:Trojan-gen{Other}
« Reply #21 on: February 22, 2009, 11:59:54 PM »
Quote
What should I do? :O
Send the file to the avast Chest and leave it there for further analysis.

Besides, I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #22 on: February 23, 2009, 12:11:24 AM »
Hi Tech,

Thanks again for the support. Should I send all the files mentioned to the Chest? (i.e. just MOTA113.exe or all the others which Polonus flagged?)


1. Done - used CCleaner
2. Done - Avast detected it. Dr. Web didn't.
3. Done - SAS and MBAM found no infections at all.
4. Done - Rootalyzer and Blacklight didn't find anything.
5. HJT log below.
6. I am scared to do this. I am not that familiar with system restore. Do you REALLY recommend this?
7. Do I really need Spywareblaster when I have SAS and MBAM and Spybot?
8. Done - None noted. I use the online version of Secunia once a week.

Thank you so much for your help!

Avastfan1

---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:10:58 AM, on 23/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll

CONTINUED IN NEXT POST

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #23 on: February 23, 2009, 12:13:05 AM »
Continuation - sorry for the long post.

Thanks Tech and Polonus!

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /start_mode="auto"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228391919093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228391899437
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 10457 bytes

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Re: Win32:Trojan-gen{Other}
« Reply #24 on: February 23, 2009, 12:17:54 AM »
Hi tech,

Two quick questions concerning your post.
Quote
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.

Doesn't avast have the antirootkit part integrated in it, or do you have to download it (and if so, is it free for home users)?
Same goes for Trend Micro RootkitBuster: is it free or is there a fee?

Thanks.
Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 5.0 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.6 / Opera 10.5

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #25 on: February 23, 2009, 12:22:07 AM »
Hello Confused Computer User,

Are you also caught up in the same problem which I have?

Would be keen to hear the views of all people affected.

Thanks!

Avastfan1

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Re: Win32:Trojan-gen{Other}
« Reply #26 on: February 23, 2009, 12:34:46 AM »
Hi Avastfan1,

Quote
Are you also caught up in the same problem which I have?
No, not really.
I am interested in knowing what is the best way to approach such issues because of a past experience with a false positive (which ended well).
See: http://forum.avast.com/index.php?topic=37451.0

In my case DavidR helped me through the whole process and it was ok. If I can give any advice, it's not to worry. With time and patience all is fixed.
I hope it is the same case for you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32938
  • malware fighter
Re: Win32:Trojan-gen{Other}
« Reply #27 on: February 23, 2009, 12:38:02 AM »
Hi Confused Computer User,

The HJT logfile seems OK, one thing: MSIE: Unable to get Internet Explorer version!
Do not know what that is?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
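
A first-pass reading of the HijackThis log posted above can be scripted; the following is an added example, not part of the original thread or of any tool named in it. The sample lines are copied from that log, the watchlist is the set of file names from reply #16, and the function name and the categories it flags are assumptions chosen for illustration (a flagged line is a prompt for a closer look, not a verdict).

```python
import re

# Excerpt of the HijackThis log posted in replies #22 and #23 above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: VPN Client.lnk = ?
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# File names listed in reply #16 (matched case-insensitively).
WATCHLIST = {"meta4.exe", "mota113.exe", "x2.64.exe", "x.264.exe"}

ENTRY = re.compile(r"^(O\d+) - (.*)$")                     # "O4 - ...", "O23 - ..."
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.*)$")  # registry Run entries


def triage(log_text, watchlist=WATCHLIST):
    """Return (reason, line) pairs that deserve a human look (hypothetical helper)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lowered = line.lower()
        # A watchlisted name anywhere: running process, autostart or service.
        for name in sorted(watchlist):
            if re.search(r'(^|[\\ "])' + re.escape(name) + r'($|[" ])', lowered):
                findings.append(("watchlisted file: " + name, line))
        if line.startswith("MSIE:") and "unable to get" in lowered:
            findings.append(("IE version unreadable", line))
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN.match(body)
            if run and "\\" not in run.group(3):
                # Bare file name: Windows resolves it via the search path.
                findings.append(("autostart without full path", line))
            elif body.endswith("= ?"):
                findings.append(("startup shortcut target unresolved", line))
        elif section == "O23":
            if body.endswith("(file missing)"):
                findings.append(("service binary missing", line))
            elif " - Unknown owner - " in body:
                findings.append(("service with no vendor string", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:36} {line}")
```

On this excerpt none of the watchlisted names appear among the running processes, autostarts or services, while the MSIE header line is flagged.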

Offline Avastfan1

  • Advanced Poster
  • **
  • Posts: 965
Re: Win32:Trojan-gen{Other}
« Reply #28 on: February 23, 2009, 12:44:26 AM »
Hi Polonus,

Thanks for the reply. The 'Unable to get Internet Explorer Version' is due to me having a brain wave one day.

I tried to remove and delete Internet Explorer from my Windows XP system. I was unsuccessful as Windows constantly regenerates the file. Tried to delete it because Firefox is so much more secure.

Do you think I should delete those other files Polonus (meta4.exe) etc.? Or just MOTA113.exe?

Is my system now compromised?

I researched SUPE(R) on google but I couldn't find any critical links accusing it of being spyware or malware.

However I believe you if you say it is - you are after all an Avast Guru and a lot wiser than I am.

Please tell me your thoughts and let me know what you would do if you were me! :O

Thanks!!

Avastfan1

Offline greenhatch

  • Full Member
  • ***
  • Posts: 173
Re: Win32:Trojan-gen{Other}
« Reply #29 on: February 23, 2009, 09:41:07 AM »
As the thread starter, I thought I would just confirm for everyone that I had scanned with SAS and MBAM last night also, but no other detections were indicated (I had already quarantined MOTA113.exe detected by Avast).