Author Topic: Win32:Trojan-gen. {VC}  (Read 17711 times)

0 Members and 1 Guest are viewing this topic.

e_red7

  • Guest
Win32:Trojan-gen. {VC}
« on: July 14, 2003, 06:52:51 PM »
I recently scan my PC for virus. The Win32:Trojan-gen. {VC} virus came up. I tryed to delete it but it wont let me. Does anybody know how to delete this or keep me with this problem.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #1 on: July 14, 2003, 07:00:35 PM »
You can rename the file,  restart  and delete it, or start your PC in Safe mode and delete it than. For more infos check the file by using this link: http://www.kaspersky.com/remoteviruschk.html and tell what name it gave.


You can also make a board search for "Trojan-gen"
MfG Ralf

e_red7

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #2 on: July 14, 2003, 09:15:55 PM »
I tryed both the things tou sayed. It always says "The cant not be deleted because it may be in use

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #3 on: July 14, 2003, 09:27:17 PM »
Hm, at least deleting in Windows save mode should work. What Windows do you use, whats the name of the infected file, and where is it located(folder Systemrecovery?)?
What does "Kaspersky" say?

BTW to the one who knows it: Does the homeversion support a bootscan?
« Last Edit: July 14, 2003, 09:28:41 PM by raman »
MfG Ralf

whocares

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #4 on: July 15, 2003, 12:13:33 AM »
Hi,

general advice on trojan removal:

-scan for & identify infected files
- search for the related trojan processes with taskmanager and kill the processes
-remove registry/startup entries for the trojan files
- if a scan then can't delete the files, 'cause they're in use, rename them in dos-box or reboot and rescan, then cleaning or deleting infected files
that's it.. :)

e_red7

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #5 on: July 15, 2003, 06:22:25 AM »
c:\_RESTORE\TEMP\A0004289.CPY
Windows ME
How do u rename in dos box
« Last Edit: July 15, 2003, 06:25:53 AM by e_red7 »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #6 on: July 15, 2003, 09:00:30 AM »
@whocares: Vor dir kann man sich auch nirgends verstecken!;)

@e_red7

The file is "only" in your restore folder. So you have to disable and enable the restore funktion of ME:  
How to do this? Read here: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
« Last Edit: July 15, 2003, 09:00:53 AM by raman »
MfG Ralf

Ben

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #7 on: July 15, 2003, 11:09:29 AM »
Hi all,

Yesterday I installed the avast! virusscan and imidately it discovered 5 (!) infected files :(

2 of them are infected by the WIN32:Trojan-gen.{VC} so when I saw this topic I was like "yay I will get rid of that virus in no time" but when I looked @ the location, I got scared :

WinStart001.EXE for example is located in C:\WINDOWS\system... My question is: if I manage to delete the infected file (cuz thats the thing 2 do right?) won't it cause any damage? because the filename implies that the program is vital? Or am I wrong?

So basically I need 2 know if i can just go on and delete the 2 infected files by that trojan without causing any damage to my pc? :s


dcliff

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #8 on: July 15, 2003, 11:48:39 AM »
You can safely delete those files.
But to be on the safer side Move them to the chest
(Move to chest)
« Last Edit: July 15, 2003, 11:51:09 AM by dcliff »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #9 on: July 15, 2003, 12:09:24 PM »
WinStart001.EXE for example is located in C:\WINDOWS\system...

Like wohcares said, it is difficult to say something to  Malware identified as generic. You can use my link mentioned above, to get a name we can say more about, or after a little google search i found this: http://www.doxdesk.com/parasite/IGetNet.html
SO maybe adaware ( www.lavasoftusa.com ) or Spybot( http://security.kolla.de/ ) are more usefull this time.
« Last Edit: July 15, 2003, 12:39:19 PM by raman »
MfG Ralf

Ben

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #10 on: July 15, 2003, 01:05:15 PM »
Well, I did use adaware be4 scannin for virusses... so thats not helping alot...

I'll give spybot a try... anyway in case it doesnt help? I'm not gonna leave that virus in my chest indefinately; in fact I want it out of my system ASAP :(


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #11 on: July 15, 2003, 01:19:54 PM »
You can still test the file by using this link:  http://www.kaspersky.com/remoteviruschk.html . Or take a look at the registry, by using regedit and search for the Filenames avast identify as Malware. But maybe an updated Adaware( new Build 181 avaible at their homepage) or updated Spybot can handle it.
MfG Ralf

Ben

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #12 on: July 15, 2003, 01:22:56 PM »
I did use your link, but it didnt say anything about it :s

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {VC}
« Reply #13 on: July 15, 2003, 01:32:14 PM »
Then "your" winstart001.exe is possibly this Spyware: http://boards.cexx.org/viewtopic.php?p=1630
MfG Ralf

e_red7

  • Guest
Re:Win32:Trojan-gen. {VC}
« Reply #14 on: July 16, 2003, 07:05:35 AM »
Thank you raman. What you said worked