Win32:Trojan-gen. {VC}

[e_red7]

I recently scan my PC for virus. The Win32:Trojan-gen. {VC} virus came up. I tryed to delete it but it wont let me. Does anybody know how to delete this or keep me with this problem.

[raman]

You can rename the file,  restart  and delete it, or start your PC in Safe mode and delete it than. For more infos check the file by using this link: http://www.kaspersky.com/remoteviruschk.html and tell what name it gave.


You can also make a board search for "Trojan-gen"

[e_red7]

I tryed both the things tou sayed. It always says "The cant not be deleted because it may be in use

[raman]

Hm, at least deleting in Windows save mode should work. What Windows do you use, whats the name of the infected file, and where is it located(folder Systemrecovery?)?
What does "Kaspersky" say?

BTW to the one who knows it: Does the homeversion support a bootscan?

[whocares]

Hi,

general advice on trojan removal:

-scan for & identify infected files
- search for the related trojan processes with taskmanager and kill the processes
-remove registry/startup entries for the trojan files
- if a scan then can't delete the files, 'cause they're in use, rename them in dos-box or reboot and rescan, then cleaning or deleting infected files
that's it..

[e_red7]

c:\_RESTORE\TEMP\A0004289.CPY
Windows ME
How do u rename in dos box

[raman]

@whocares: Vor dir kann man sich auch nirgends verstecken!;)

@e_red7

The file is "only" in your restore folder. So you have to disable and enable the restore funktion of ME:  
How to do this? Read here: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

[Ben]

Hi all,

Yesterday I installed the avast! virusscan and imidately it discovered 5 (!) infected files

2 of them are infected by the WIN32:Trojan-gen.{VC} so when I saw this topic I was like "yay I will get rid of that virus in no time" but when I looked @ the location, I got scared :

WinStart001.EXE for example is located in C:\WINDOWS\system... My question is: if I manage to delete the infected file (cuz thats the thing 2 do right?) won't it cause any damage? because the filename implies that the program is vital? Or am I wrong?

So basically I need 2 know if i can just go on and delete the 2 infected files by that trojan without causing any damage to my pc? :s

[dcliff]

You can safely delete those files.
But to be on the safer side Move them to the chest
(Move to chest)

[raman]

WinStart001.EXE for example is located in C:\WINDOWS\system...

Like wohcares said, it is difficult to say something to  Malware identified as generic. You can use my link mentioned above, to get a name we can say more about, or after a little google search i found this: http://www.doxdesk.com/parasite/IGetNet.html
SO maybe adaware ( www.lavasoftusa.com ) or Spybot( http://security.kolla.de/ ) are more usefull this time.

[Ben]

Well, I did use adaware be4 scannin for virusses... so thats not helping alot...

I'll give spybot a try... anyway in case it doesnt help? I'm not gonna leave that virus in my chest indefinately; in fact I want it out of my system ASAP

[raman]

You can still test the file by using this link:  http://www.kaspersky.com/remoteviruschk.html . Or take a look at the registry, by using regedit and search for the Filenames avast identify as Malware. But maybe an updated Adaware( new Build 181 avaible at their homepage) or updated Spybot can handle it.

[Ben]

I did use your link, but it didnt say anything about it :s

[raman]

Then "your" winstart001.exe is possibly this Spyware: http://boards.cexx.org/viewtopic.php?p=1630

[e_red7]

Thank you raman. What you said worked