Author Topic: About this Win32:Trojan-gen. {Other}  (Read 26825 times)


Offline Kludgemeister

  • Newbie
  • *
  • Posts: 3
Re:About this Win32:Trojan-gen. {Other}
« Reply #15 on: August 08, 2004, 09:17:09 PM »
Thanks for the replies, guys.

Vlk - Problem with just this email.

DavidR - Eudora was saying "Eudora network timeout" and "Eudora is tired of waiting for the system to respond" and Yahoo mail was saying "Document contains no data". The exe file size is 2636k and the zipped version (which I also did try sending) is 2591k. I have had no problem sending attachments in the past.

GrizeBar - Yes, I did try zipping the file with no improvement.

This morning I did try attaching just the "uninstall.exe" contained in the archive, with no problem.  It is what Avast was specifically triggering on.  It is only 48k.

Kludgemeister

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81911
  • No support PMs thanks
Re:About this Win32:Trojan-gen. {Other}
« Reply #16 on: August 08, 2004, 11:47:37 PM »
Thanks,

The timeout sometimes happens when you are trying to send a document with a large attachment.

I have no idea why Yahoo would say no data because to my mind an attachment is data, unless it has no text in the body of the email and that is what it's complaining about.

An attachment in excess of 2MB would in some cases exceed an ISP's or mail service's limits. As you found zipping didn't help, this could be due to the size as mentioned above.

But you persevered and got the file that triggered the alert, good job.

WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline GrizeBar

  • Jr. Member
  • **
  • Posts: 49
  • I'm a llama!
Re:About this Win32:Trojan-gen. {Other}
« Reply #17 on: August 09, 2004, 01:06:49 AM »
And your question is ???  ::)  ;)

Oh, the replies go OUTSIDE  the Quotes!! DUH!

Sorry, I seem to have grunged that one.
grizebar@msn.com
bigdas1@verizon.net
grizebar@netzero.net

Offline rawjr

  • Newbie
  • *
  • Posts: 5
Re:About this Win32:Trojan-gen. {Other}
« Reply #18 on: August 10, 2004, 04:43:48 AM »
I've gotten the Win32:Trojan-gen {Other} virus warning now, and I must say it's really annoying. I'm only running the trial version of avast, but it's up to date (0433-1).

I can't see anything suspicious in the HijackThis-log, and trend and panda online scanners can't find anything.

Even though I have run the program, the "virus" seems to be contained (it hasn't spread). This might change after boot, of course, but with what I've read about this "virus" so far, I'm not really scared.

Since I used the panda scanner, I now have the kuang2 "virus" in imscan.dll. That I can't blame avast for directly, but it is annoying to know that without a virus scanner my system would have been perfectly healthy and I wouldn't have used hours on finding out what was wrong. A hoax is sometimes worse than an actual virus.

Now to my questions: How do I configure avast to ignore these two "infected" files? Why is avast blocking the program, even though I haven't put it in the chest? And why is there no uninstall option, at least for the trial version?
« Last Edit: August 10, 2004, 04:45:03 AM by rawjr »

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:About this Win32:Trojan-gen. {Other}
« Reply #19 on: August 10, 2004, 11:59:02 AM »
and trend and panda online scanners can't find anything.
Hi,

- have you paused avast shield before using the Onlinescanners ?

- also read "VirusRemoval" below and scan the file online with KAV and RAV

- What WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!


- Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ? ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81911
  • No support PMs thanks
Re:About this Win32:Trojan-gen. {Other}
« Reply #20 on: August 10, 2004, 12:46:49 PM »
And your question is ???  ::)  ;)

Oh, the replies go OUTSIDE  the Quotes!! DUH!

Sorry, I seem to have grunged that one.

Partly my fault and a lack in attention to detail, I didn't notice that you had commented inside the original quote.

Offline rawjr

  • Newbie
  • *
  • Posts: 5
Re:About this Win32:Trojan-gen. {Other}
« Reply #21 on: August 10, 2004, 01:49:47 PM »
and trend and panda online scanners can't find anything.
Hi,

- have you paused avast shield before using the Onlinescanners ?

- also read "VirusRemoval" below and scan the file online with KAV and RAV

- What WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!


- Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ? ;)

Please, I have no problems removing viruses. Instead of giving me the standard routine, just answer my questions. If that is too difficult, at least give me reasons for answering your questions.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:About this Win32:Trojan-gen. {Other}
« Reply #22 on: August 10, 2004, 03:01:19 PM »
...well you can either delete the panda files, or exclude them from scanning in avast's options
(I don't have avast on this here PC so can't tell you the exact way to do it right now, but I guess if you're so proficient you can read/see help, faq's & Docu.. )
[EDIT]
same applies for "Uninstall", but if I understand you correctly
-> ControlPanel -> Add/Remove Programs -> avast ... would be a likely choice..)
If you mean PANDA_OnlineScan-Uninstal -> look in Downloaded.Program.Files (OBJECTS in IE-Options)
[/EDIT]

*

the reason for my questions about trojan-gen & onlinescanners is that:

- Trojan-Gen is a generic detection/name which comprises probably dozens to hundreds of different trojan-species/variants, and
- from your info it is not clear whether yours is a false alarm or not..
- or if it's just located in protected areas and thus can't be removed easily.. (_RESTORE .. ?)
- Trojan-Gen has in the past been known to detect stuff like fully-fledged Backdoors, but if you want to exclude that one from scanning -> your choice  ;D

--> I just wanted to help.. :)
« Last Edit: August 10, 2004, 03:22:01 PM by whocares »

Offline rawjr

  • Newbie
  • *
  • Posts: 5
Re:About this Win32:Trojan-gen. {Other}
« Reply #23 on: August 10, 2004, 06:23:23 PM »
--> I just wanted to help.. :)

I'm sorry I was a little cranky, but after spending many hours trying to fix this "virus" and then finding out it's probably just a false positive...  >:(

But thanks for trying to help. :)

I run win xp pro sp1 fully updated, I have tried online scans (RAV, trend and panda) with and without avast disabled, and the file that's "infected" is  ...\Program Files\Serv-U\serv-u32.exe.

Avast reacts to this file when it's not running, and when it's running. To get serv-u up I have to disable avast, and as soon as I enable avast serv-u is shut down.

I can't seem to find an option in avast to ignore this specific file.

It would be helpful if avast made a list of the false positives, since it seems like there is a lot of them... ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31365
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:About this Win32:Trojan-gen. {Other}
« Reply #24 on: August 10, 2004, 06:28:37 PM »
Many false positives are solved with the latest vps (433-1) Make sure you have it.

To exclude files: start avast > menu > settings > exclusions

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:About this Win32:Trojan-gen. {Other}
« Reply #25 on: August 10, 2004, 06:38:32 PM »
And make sure to submit the file to virus@avast.com, the virus guys will have a look at it and eventually change the detection code so that it won't be triggered any more...


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:About this Win32:Trojan-gen. {Other}
« Reply #26 on: August 10, 2004, 07:08:27 PM »
Just to Clear things up..

This is a FTP-Server which is imho not usually part of WIN
-> You installed this intentionally ?

Cause this is also installed/used/misused by many worms with Backdoor-Functionality..

 ;)

Offline rawjr

  • Newbie
  • *
  • Posts: 5
Re:About this Win32:Trojan-gen. {Other}
« Reply #27 on: August 10, 2004, 07:14:52 PM »
Many false positives are solved with the latest vps (433-1) Make sure you have it.

To exclude files: start avast > menu > settings > exclusions

I have the latest vps (0433-1). Still not 100% sure this is a false positive, but must assume that since nothing bad has happened yet, and none of the online scanners can find anything.

Thanks for the info, it's now excluded.

Offline rawjr

  • Newbie
  • *
  • Posts: 5
Re:About this Win32:Trojan-gen. {Other}
« Reply #28 on: August 10, 2004, 07:18:30 PM »
This is a FTP-Server which is imho not usually part of WIN
-> You installed this intentionally ?

Yes.

Offline tokenjo

  • Newbie
  • *
  • Posts: 2
Re:About this Win32:Trojan-gen. {Other}
« Reply #29 on: August 16, 2004, 03:01:23 AM »
error deleting file can not delete deinst-qfe002.exe access is denied.
make sure the disk is not full or write protected and that the file is not currently in use.


c:\windows\system32\deinst-qfe002.exe