Author Topic: "WIN32:Trojan-gen. {UPX!}" Spoof or Real?  (Read 8153 times)


Offline Platinum

  • Newbie
  • *
  • Posts: 7
"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« on: July 19, 2004, 02:10:39 PM »
Is the "WIN32:Trojan-gen. {UPX!}" a real virus or is it a false alarm? I'm reading articles both ways on this one.

How can I remove this if it is real?? Avast cannot get rid of it, is there a cleaner out there?


Thanks in advance for the help,

B.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #1 on: July 19, 2004, 02:19:20 PM »
What's the exact path and name of the file?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46317
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #2 on: July 19, 2004, 02:19:24 PM »
Platinum
Welcome to the Forums.
It sounds like a false positive, but to be sure, go here and double check.
http://forum.avast.com/index.php?action=search2
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #3 on: July 19, 2004, 03:08:50 PM »
Why does it sound like a false positive? :)
There's certainly a lot of real malware detected under the mentioned name...

Offline Platinum

  • Newbie
  • *
  • Posts: 7
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #4 on: July 19, 2004, 06:31:06 PM »
Exactly. You two are split on what it may or may not be.

I don't have the filename, the person infected will get back to me soon I hope, I've asked her. She says it was found in memory as well as in a file.

I had her download and install Avast since I prefer it myself, and do a system scan and this is what was found.  She has a directory on her hard drive "_RESTORE" that cannot be deleted and is constantly filling the hard drive up.

She runs WinME.

That's the best I can get you guys now, any ideas?

B.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #5 on: July 19, 2004, 06:46:50 PM »

any ideas?


yes..
- please give us more info, and
- also read "VirusRemoval" below.
- Try online scanners on the file (with avast shield paused)

- Also read your windows documentation or Microsoft help pages on System RESTORE utility
 ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #6 on: July 19, 2004, 06:47:13 PM »
_Restore is a Windows protected folder and is used by System Restore.

These _restore points keep eating up disk space to help you roll back and recover from problems. They also hang on to files that have been deleted from certain areas (Windows system folders, etc.). This can be a problem: when you delete a virus in a system folder, it gets into the _restore folder.

By disabling System Restore and rebooting you will clear virtually all of this restore point information (not to mention recover lots of disk space), allowing viruses to be properly deleted.

We also, as Igor said, need the full path and filename, etc. Take a look at this thread for the full info we need: User's FAQ and General Advice&Tools for virus/trojan/malware removal

HTH David

Edit, I must improve my typing speed
« Last Edit: July 19, 2004, 06:50:07 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Platinum

  • Newbie
  • *
  • Posts: 7
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #7 on: July 20, 2004, 07:16:07 AM »
Ok, the name of the file with the virus warning is:

c:\windows\msmgt.exe

I never use WinME (Microsoft's worst joke ever), but I didn't know WinME had the system restore, I thought that was XP.  But it makes sense. Unfortunately that folder is filling up with the user, not knowingly, setting restore points.

I will get her to do an online scan while avast is paused.

Thanks for the ideas and help,

B.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #8 on: July 20, 2004, 11:29:46 AM »
Hi,

msmgt.exe
-> Total Velocity adware/hijacker

http://www.sysinfo.org/startuplist.php?filter=msmgt.exe

so it's probably NOT a false positive !
 ;)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46317
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #9 on: July 20, 2004, 10:51:30 PM »
Platinum
You should first uninstall Memory Meter if it is installed on your system.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Browse to the key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
In the right pane, delete the value called MSMGT, if it exists.
Browse to the key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall
In the right pane, delete the value called MSMGT, if it exists.
Exit the registry editor.
Restart your computer.
Delete %WinDir%\MSMGT.exe and %WinDir%\TINYINSTALLER.exe.
Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Before you make any changes in the registry, do a BACKUP of the registry by selecting file and then export.
Good luck
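The registry cleanup in Reply #9 can be checked afterwards against a registry export (the post recommends exporting one as a backup). The following is an added example, not part of the original thread: it parses a REGEDIT4-format export and lists entries under the Run and Uninstall keys that are named MSMGT or that reference the two files named in the post. The sample export and the function names are constructed for illustration, and inspecting subkeys of the two keys is an assumption beyond the post.

```python
import re

# Keys, value name and file names come from the removal steps in Reply #9.
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
WATCH_KEYS = (BASE + r"\run", BASE + r"\uninstall")
WATCH_NAME, WATCH_FILES = "msmgt", ("msmgt.exe", "tinyinstaller.exe")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export (REGEDIT4 format), not taken from the thread.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"MSMGT"="C:\\WINDOWS\\msmgt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp]
"DisplayName"="Example App"
"UninstallString"="C:\\WINDOWS\\TINYINSTALLER.exe /u"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for a .reg export."""
    keys, current = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        while line.endswith("\\"):  # hex values continue on the next line
            line = line[:-1] + next(lines, "").strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])  # string value; hex:/dword: stay raw
            current[name] = data
    return keys

def find_leftovers(text):
    """List (key, value_name, data) entries that the cleanup should have removed."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if any((key.lower() + "\\").startswith(w + "\\") for w in WATCH_KEYS):
            hits += [(key, n, d) for n, d in values.items()
                     if n.lower() == WATCH_NAME or any(f in d.lower() for f in WATCH_FILES)]
    return hits
```

An empty list from `find_leftovers` on a fresh export means neither key still references the adware; the files under %WinDir% still have to be checked separately.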

Offline Platinum

  • Newbie
  • *
  • Posts: 7
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #10 on: July 21, 2004, 06:33:17 PM »
Bob3160 & whocares,


Thanks for all your help. It is greatly appreciated.

Once this is done, I will be installing spywareblaster and adaware for her so this does not re-occur.


Thanks again,

B.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46317
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:"WIN32:Trojan-gen. {UPX!}" Spoof or Real?
« Reply #11 on: July 21, 2004, 06:58:59 PM »
Platinum
Hopefully that means you have solved the problem, which is always nice to hear.
Remember, that's what this forum is for.