Author Topic: Win32:Trojan-gen {urx!}  (Read 17792 times)

Offline mjk123

  • Newbie
  • *
  • Posts: 1
Win32:Trojan-gen {urx!}
« on: February 10, 2003, 04:41:52 PM »
I have this virus in Internet Explorer {system.exe}. How can I get rid of it? Thanks for answering.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Win32:Trojan-gen {urx!}
« Reply #1 on: February 11, 2003, 12:22:28 PM »
Please send us the file, e.g. to support@asw.cz . We'll have a look at it.

Thanks!
If at first you don't succeed, then skydiving's not for you.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen {urx!}
« Reply #2 on: February 11, 2003, 04:29:07 PM »
I have this virus in Internet Explorer {system.exe}. How can I get rid of it?

Seems to be a backdoor. It could be this one: Backdoor.Sequel. The problem is that Avast seems to use generic names for different malware. If you want to get more information, send that file to Avast, or try to get the real name for that backdoor. To get a name you can use this link (I hope I do not get in trouble because of this. ;)): http://www.kaspersky.com/remoteviruschk.html

Maybe Avast is able to automatically get rid of backdoors with the new major update announced here in the forum.
MfG Ralf

Offline ronaldnotes

  • Newbie
  • *
  • Posts: 4
Re:Win32:Trojan-gen {urx!}
« Reply #3 on: February 21, 2003, 07:04:57 PM »
The avast virus detector is giving a warning "A virus was found": win32 trojan-gen {UPX!} in my computer (VPS version 0301-9, 02/14/2003).
The file name is C:\_restore\temp\a0068002.cpy. I cannot move/rename, delete or repair it. How do I get rid of it? I used Norton Antivirus 2002 with updated definitions, but that did not give a virus warning. I used the on-line virus scan from http://housecall.trendmicro.com/housecall/start_corp.asp and it gave the same virus warning as avast did. What to do?

Ronald

Offline ronaldnotes

  • Newbie
  • *
  • Posts: 4
Re:Win32:Trojan-gen {urx!}
« Reply #4 on: February 21, 2003, 07:07:42 PM »
I forgot to mention that the file name C:\_restore\temp\a0068002.cpy seems to be active. That is why it cannot be removed. How do I get manually into this _restore directory?

Ronald

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen {urx!}
« Reply #5 on: February 21, 2003, 07:18:54 PM »
What virus does Trend report (the exact name)? If I remember correctly, then you are not able to delete files in the restore folder. Maybe you are able to do it in a DOS box, or at least if you boot from a DOS disk.

BTW: What Windows do you use, and do you use NTFS (if using WinNT/2000/XP)?
MfG Ralf

Offline ronaldnotes

  • Newbie
  • *
  • Posts: 4
Re:Win32:Trojan-gen {urx!}
« Reply #6 on: February 21, 2003, 08:57:48 PM »
If it is of help to you: I use Windows ME.

Ronald

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen {urx!}
« Reply #7 on: February 21, 2003, 09:04:26 PM »
Really helpful would be the name of that backdoor trojan. :)
Back to your problem. Maybe it is easiest for you to disable the restore function of WinME, restart ME and then activate the restore function again. If you do not know how to do it, take a look at this link: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

« Last Edit: February 21, 2003, 09:46:33 PM by raman »
MfG Ralf

Offline ronaldnotes

  • Newbie
  • *
  • Posts: 4
Re:Win32:Trojan-gen {urx!}
« Reply #8 on: February 21, 2003, 10:07:32 PM »
Thanks for your reply. I have solved the problem as follows. I used a boot disk and after the A prompt I switched to the C prompt and deleted the opposed virus with del C:\_restore\temp. I read somewhere that I should not do that, but I did. After a restart and scan, no virus warning anymore.

Ronald

Offline shooter

  • Jr. Member
  • **
  • Posts: 43
  • Avast!!! simply the best beer in the world
Re:Win32:Trojan-gen {urx!}
« Reply #9 on: March 05, 2003, 08:00:08 PM »
I also have this virus.
You can only clean it if you format your hard disk.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen {urx!}
« Reply #10 on: March 05, 2003, 08:45:38 PM »
No, it is *never* necessary to format your hard disk to get rid of malware. Especially not if it is "only" a backdoor/trojan. Backdoors or trojans are "stand-alone programs" and do not infect other files.

Why do you think that it is necessary to format your hard disk?
MfG Ralf

Offline Pavel

  • Moderator
  • Massive Poster
  • *
  • Posts: 4305
  • Nostalgia isn't what it used to be...
    • ALWIL Software
Re:Win32:Trojan-gen {urx!}
« Reply #11 on: March 06, 2003, 08:50:04 AM »
Yes, raman is quite right :) - there is definitely no need to reformat the hard disk. Just deleting the trojan files is quite enough.

BTW: This "advanced method" (i.e. reformatting) was widely used also in the past - and especially with the boot viruses the virus was the only piece of software which survived the format operation ;)

Pavel

All of us could take a lesson from the weather. It pays no attention to criticism.

Offline jcubed69

  • Newbie
  • *
  • Posts: 2
Re:Win32:Trojan-gen {urx!}
« Reply #12 on: March 27, 2003, 05:10:41 AM »
I think that info regarding formatting the hard disk has to do with the fact that once a computer has been compromised, the standalone trojan can surely be taken care of, but what else has been compromised (passwords, programs, data, etc.)? Unless one knows exactly what happened while somebody may have had remote access to a machine, the only ABSOLUTELY sure way to know what you are dealing with is to "format" the hard drive and start from scratch. :'(

Offline kareld

  • Avast team
  • Jr. Member
  • *
  • Posts: 32
    • ALWIL Software
Re:Win32:Trojan-gen {urx!}
« Reply #13 on: March 27, 2003, 01:29:21 PM »
Not completely true.
Passwords - you should change your passwords after a compromise. Reformatting your HDD doesn't help here.
Data - if your data was stolen, reformatting doesn't help. If your data was changed or deleted, reformatting doesn't help, either. You need backups of your data.
Programs - yes, that can be tricky. But: when the intruder is advanced enough to retain his/her privileged access to your system with modified/tailored binaries unknown to the antiviral system, why would he/she use a commonly known backdoor to penetrate it? I believe the vast majority of *detected* trojan/backdoor incidents are caused by casual script kiddies, and the danger of sophisticated system changes in them is small.

Offline jcubed69

  • Newbie
  • *
  • Posts: 2
Re:Win32:Trojan-gen {urx!}
« Reply #14 on: March 27, 2003, 06:03:23 PM »
I didn't go into that much detail but Kareld is correct.

 ;D