Win32: Trojan-gen problem. pls help.

[ivantheterrible]

Hi, Would very much appreciate some help on this frustrating problem.  I'm using Avast 4.8 and every 10 minutes a detection of a "Win32: Trojan-gen" keeps popping up on screen.

I've seen this problem posted by others too, but I'm having trouble following the solutions (I've seen so many different solutions). 

The details I see on the Avast pop-up are:

File name: C:\DOCUME~1\admin\LOCALS~1\Temp\4000009000def1e1004cfdc5033h\cvtres.exe
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm

Please treat me as a beginner.  I've seen solutions requiring "hijacks", "logs", etc but I have no idea what they mean or how to bring them up so if you can, please let me know what I need to do.  Thanks!

[DavidR]

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1.  MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
• 2. SUPERantispyware On-Demand only in free version.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

[Sammo]

Another good anti-malware is IObit Security 360 - http://www.iobit.com/beta.html

[ivantheterrible]

Thanks for the help.  I've downloaded the two software and have run full scans.  The log report from Malwarebytes is below.  The scan by SUPERAntiSpyware found one cookie, which has been quarantined.
 (fyi, the virus check popups are still coming up every 10mins).  Thanks.


Malwarebytes' Anti-Malware 1.40
Database version: 2608
Windows 5.1.2600 Service Pack 2

12-Aug-09 11:08:20 AM
mbam-log-2009-08-12 (11-08-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154180
Time elapsed: 22 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[YoKenny]

Install Windows Service Pack 3 that has been available for over a year and contains several Critical Security updates plus performance improvements.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

Download and install:
User Profile Hive Cleanup Service:
Brief Description
A service to help with slow log off and unreconciled profile problems.
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

[ivantheterrible]

Thanks.  I started downloading Service Pack 3 but then a Setup error came up saying I don't have enough disk space on C:\WINDOWS\$NtServicePackUninstall$ and that it requires a minimum of 4 additional megabytes of free space. 

I don't have many programs on my pc, so I don't understand why I can't download it.  I should have a lot of diskspace.  Do I have to delete something and if so, what should I delete in C:\WINDOWS?

Again, thanks for helping.

[YoKenny]

Please read:
WINUP: Not Enough Free Disk Space to Install Update Components
http://support.microsoft.com/kb/187876

I do not recomend compressing the hard drive with DriveSpace 3 though as it really slows down the system.

Free-up the hard disk space
http://windowsxp.mvps.org/space.htm

WinDirStat is a disk usage statistics viewer and cleanup tool for Microsoft Windows (all current variants).
http://windirstat.info

[ivantheterrible]

Thanks very much everyone...

[johint]

Hello,
   This virus is on my boys computor along with win32:fasec, avast detects it in safe mode but won't allow me to move it to chest, (access denied, being used by another program), can't reboot the system normally as a blue screen pops up saying windows has detected a problem, can anyone help with this, running avast 4.8 updated on 8/11/09, systems reg. key was expired , boy didn't bother to re-register 

thanks for any help
john

[Sammo]

Hello,
   This virus is on my boys computor along with win32:fasec, avast detects it in safe mode but won't allow me to move it to chest, (access denied, being used by another program), can't reboot the system normally as a blue screen pops up saying windows has detected a problem, can anyone help with this, running avast 4.8 updated on 8/11/09, systems reg. key was expired , boy didn't bother to re-register 

thanks for any help
john

You might want to try the IObit 360. It will allow you to unlock and delete any file.