Author Topic: Win32:Trojan-gen{Other}  (Read 13621 times)


greenhatch

  • Guest
Win32:Trojan-gen{Other}
« on: February 22, 2009, 03:56:09 PM »
On scanning my laptop today the above apparent malware was detected which I duly transferred to the virus chest. The event viewer shows the entry:
 Sign of ''Win32:Trojan-gen{Other}'' has been found in ''C:\Windows\MOTA113.exe\[tElock]'' file.
Has anyone else reported this please? If you want to review my detection, please tell me precisely how to locate the chest entry and where to send it. Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Trojan-gen{Other}
« Reply #1 on: February 22, 2009, 04:00:31 PM »
You can open the avast Chest and see the Infected files folder in it.
You do not have to deal with the files in the Chest; leave it there for a while to confirm it's an infected file.
The best things in life are free.

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #2 on: February 22, 2009, 04:24:31 PM »
I've found out now how to access the virus chest and uploaded the file to virustotal.com which returned the result 0/39. Presumably that means a false positive?
« Last Edit: February 22, 2009, 04:26:22 PM by greenhatch »

Offline Lisandro

Re: Win32:Trojan-gen{Other}
« Reply #3 on: February 22, 2009, 04:29:41 PM »
I suppose you did not upload the file from the Chest, but the original one. The file from the Chest is encrypted and won't be detected as infected (it is in the Chest folder of avast).
Indeed, if you sent the original file, it seems to be a false positive. Do you know which program it belongs to?

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #4 on: February 22, 2009, 04:41:47 PM »
I uploaded the file from the Chest in my ignorance :-X Of course it is encrypted so my uploading to virustotal.com was crap...sorry. The only information I know of the detection is what the event log entry showed as quoted in my first post.

Offline Lisandro

Re: Win32:Trojan-gen{Other}
« Reply #5 on: February 22, 2009, 04:52:51 PM »
You can extract the file to a safe folder, do not execute the file, add it to avast exclusion lists and then upload to virustotal.

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #6 on: February 22, 2009, 06:09:40 PM »
Can you tell me how to actually extract a copy of the file safely from the chest to a new 'suspect' folder please? I don't see any right click option in the chest folder. You might have gathered that I'm a bit thick in certain areas :)
« Last Edit: February 22, 2009, 06:31:45 PM by greenhatch »

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Re: Win32:Trojan-gen{Other}
« Reply #7 on: February 22, 2009, 07:26:34 PM »
Hi Greenhatch,

I had a similar problem.

Quote
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

taken from: http://forum.avast.com/index.php?topic=37451.0

Hope this helps.
« Last Edit: February 22, 2009, 07:29:59 PM by Confused Computer User »
Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 5.0 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.6 / Opera 10.5

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #8 on: February 22, 2009, 07:37:22 PM »
Hi. Do you have the Pro version of Avast? I have the Free and the simple option of right click on the systray 'a' icon does not reveal an export line in the dropdown to me. So hopefully there is a simple step-by-step procedure Tech (or a mod) can advise me how to export a copy of the quarantined file from the chest to a suspect folder.
« Last Edit: February 22, 2009, 07:38:58 PM by greenhatch »

Offline Confused Computer User

Re: Win32:Trojan-gen{Other}
« Reply #9 on: February 22, 2009, 07:47:51 PM »
Hi,

I have the free version as well. I should put my specs on the signature part. That should speed up things.
Now back to you.
First off, right clicking on the A icon will not help in this case.
Here's what you do. Start avast. Look for the icon/button that says Virus chest. Click on it. Once there, look for the problem file. Select it, then right click and choose extract. After this, select (browse if you will) the file that has been excluded from the scanner. Did this help?
« Last Edit: February 22, 2009, 07:51:26 PM by Confused Computer User »

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #10 on: February 22, 2009, 08:29:50 PM »
Simple when you know how, right, lol? Very helpful! :D

Offline Confused Computer User

Re: Win32:Trojan-gen{Other}
« Reply #11 on: February 22, 2009, 08:39:05 PM »
Great,

Glad to be of service. Keep us posted on what you find.

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #12 on: February 22, 2009, 08:42:56 PM »
Tech and Avast staff:
I uploaded an unencrypted copy of the file to virustotal.com and got a result returned of 5/39. So I've set up the user/email facility to send Alwil the file on the next update for investigation just in case. Regards
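
Replies #3 and #4 explain the first 0/39 result: the Chest copy is encrypted, so the scanners never saw the executable. As an added example (not part of the original thread, and not avast's code), this Python sketch checks statically that a file is a plain PE image before it is submitted; the XOR "chest copy" is a constructed stand-in, not avast's real Chest format.

```python
import hashlib
import struct

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Slicing past the end yields short bytes, so a bogus offset is just False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(data: bytes) -> dict:
    """Static facts only: the bytes are read and hashed, never executed."""
    return {
        "size": len(data),
        "is_pe": looks_like_pe(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def submission_check(data: bytes) -> str:
    """Say whether this looks like the extracted executable or an encoded copy."""
    if looks_like_pe(data):
        return "PE image: plain executable, suitable for a multi-scanner upload"
    return "not a PE image: possibly still a quarantine-encoded copy, extract it first"

# Constructed sample: a minimal MZ/PE header plus padding. Not a real program.
ORIGINAL = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
            + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 250)

# Constructed stand-in for a quarantine container: every byte XORed with 0xA5.
# Assumption for illustration only; this is not avast's actual Chest format.
CHEST_COPY = bytes(b ^ 0xA5 for b in ORIGINAL)

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("chest copy", CHEST_COPY)):
        info = triage(blob)
        print(f"{name:10} size={info['size']} pe={info['is_pe']} "
              f"sha256={info['sha256'][:16]}...")
        print("  ->", submission_check(blob))
```

Both blobs have the same size but different hashes, and only the original parses as a PE image, which is why a scan or hash lookup of the encoded copy says nothing about the real file.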

Offline Lisandro

Re: Win32:Trojan-gen{Other}
« Reply #13 on: February 22, 2009, 10:37:59 PM »
greenhatch, can you post the link to the file on virustotal, I mean, the VirusTotal results link?
We can analyze it.

greenhatch

  • Guest
Re: Win32:Trojan-gen{Other}
« Reply #14 on: February 22, 2009, 10:56:04 PM »
https://www.virustotal.com/analisis/08816bf11f8403c244d934310c96465f