Author Topic: Win32 trojan gen (other)  (Read 34480 times)


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89059
  • No support PMs thanks
Re: Win32 trojan gen (other)
« Reply #30 on: July 08, 2009, 03:51:20 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nico-Sid

  • Guest
Re: Win32 trojan gen (other)
« Reply #31 on: July 11, 2009, 02:49:43 AM »

hi
Now when I scan my files I don't have the screen where my infected files and stuff are on ... :S
It just turns off after the scan.

ty

Offline DavidR

Re: Win32 trojan gen (other)
« Reply #32 on: July 11, 2009, 03:14:27 AM »
What type of scan are you doing, context menu (right click) or on-demand scan from the Simple User Interface ?

Nico-Sid

  • Guest
Re: Win32 trojan gen (other)
« Reply #33 on: July 11, 2009, 03:21:11 PM »

right click

thx

Offline DavidR

Re: Win32 trojan gen (other)
« Reply #34 on: July 11, 2009, 04:48:55 PM »
Then check the following setting - Program Settings, Common, Show Explorer Extension Results and ensure the option is checked.

Nico-Sid

  • Guest
Re: Win32 trojan gen (other)
« Reply #35 on: July 11, 2009, 05:59:50 PM »
ok that was the problem now it's solved :) thx man

Offline DavidR

Re: Win32 trojan gen (other)
« Reply #36 on: July 11, 2009, 07:46:10 PM »
You're welcome.

TeresaK

  • Guest
Re: Win32 trojan gen (other)
« Reply #37 on: July 11, 2009, 11:18:19 PM »
Hi David,
I am new here. I have just downloaded Avast 4.8 because my Norton Internet Security failed me BIG TIME. It did the initial scan when I rebooted the computer and found Win32 trojan gen Other. It's on this file name, C:\ System Volume Information\_restore...........then just a bunch of letters and numbers. It is in my chest. Should I follow the advice you gave this person below to remedy it or are different files remedied in different ways? Obviously, I do not know much about viruses and trojans, so please explain in beginner terms for me please. Thanks so much, TeresaK ;)

 
The first looks like a good detection a google search finds this, http://virscan.org/report/4b863ab27de76c4424c2c4e985e27d1c.html, old scan results from a multi engine virus scanner, from 6 March 2009. Whilst at that time avast didn't detect it but new signatures are continually added.

You could also check the offending/suspect file (to get a more recent set of results) at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

The one in the C:\System Volume Information restore point is no doubt the same file which when you tried to delete it a restore point was created.

- There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.

- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.

- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

So allow avast to send it to the chest, deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

I suggest that you enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php.

Offline DavidR

Re: Win32 trojan gen (other)
« Reply #38 on: July 11, 2009, 11:32:11 PM »
I don't believe you need go through the sending to virustotal as this was a somewhat different case than normal. Just send it to the chest.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Norton can be a real pain to remove completely and can cause conflicts for other security applications.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32 trojan gen (other)
« Reply #39 on: July 11, 2009, 11:43:01 PM »
Files in this folder C:\ System Volume Information\_restore are the System Restore points.
If you disable and enable the System Restore, files will be deleted. You can create a new point after that.
How to disable System Restore on Windows ME, XP or Vista. System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

It's safer to run avast into Windows at the first time and then post back other files detected as being infected (name, path, name of the virus).
The best things in life are free.

TeresaK

  • Guest
Re: Win32 trojan gen (other)
« Reply #40 on: July 12, 2009, 01:19:05 AM »
 8)
