Author Topic: trojan win32 generic is back


Offline Jeff B

  • Jr. Member
  • **
  • Posts: 22
trojan win32 generic is back
« on: January 14, 2012, 03:46:24 AM »
Essexboy, it is back. This time avast saw it. Attaching the logs. The e-mail I first got it from was deleted days ago. I am going to scan all my USB memory sticks next. I disabled and re-enabled System Restore and set a new restore point after the full system scan and the boot-time scan. I told the full system scan to put it in the chest. Is that correct? I just upgraded my wife's computer to Win7 and am thinking of doing it to my computer but am short of money right now. Do the scans tell how it is getting in? Is it hiding in the appollo folder I can not delete? I have even tried using a program called Unlocker but it says it will delete it on next boot but doesn't. The mouse still takes off on its own and the CD-ROMs still eject themselves, so I am not confident that it is gone.   Jeff B.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80143
  • No support PMs thanks
Re: trojan win32 generic is back
« Reply #1 on: January 14, 2012, 02:39:32 PM »
Re: the boot-time scan:
You are saying it is back (but I can't see any instances of Win32:Trojan-gen in the logs), but this one is in a restore point, which was possibly placed there when dealing with the original infection, and from the actions you have deleted it (which is fine when dealing with a suspect/infected restore point)

C:\System Volume Information\_restore{DC918390-1AB6-42D3-95D0-6A159150E971}\RP710\A0089552.exe|>[PECompact] is infected by Win32:Rootkit-gen [Rtk], Deleted

Re: the Full System scan:
C:\WINDOWS\PEV.exe|>[PECompact] [L] Win32:Rootkit-gen [Rtk] (0)

There is another topic started by 'oldman' (another malware removal specialist) about PEV.exe and the suspicion is that this is a false positive, try a forum search for pev.exe.

This however is Win32:Rootkit-gen [Rtk] and not Win32:Trojan-gen that your topic Subject implies (and not in either log), so are there any other instances of avast detections of Win32:Trojan-gen ?
« Last Edit: January 14, 2012, 02:42:05 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.4.2338/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
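The question DavidR raises above (which detection names actually appear in the posted logs, and whether a hit sits in a System Restore snapshot rather than on the live system) can be answered mechanically. The Python below is an added example and is not code from this thread or from avast; it parses the two line shapes quoted in the reply plus one constructed line, and the regular expression is an assumption derived from those quoted lines only, not a documented avast log format.

```python
import re
from collections import defaultdict

# Added example. The two report shapes handled here are the ones quoted in
# this thread (boot-time scan: "... is infected by <name>, <action>"; full
# scan: "... [L] <name> (0)"). The pattern is an assumption derived from
# those two lines only, not a documented avast log format.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^|\[]+?)"                    # drive-letter path, stops before |> or [L]
    r"(?:\|>\[(?P<packer>[^\]]+)\])?\s*"                 # optional packer/archive layer, e.g. |>[PECompact]
    r"(?:is infected by\s+(?P<name1>\S+(?:\s\[\w+\])?),\s*(?P<action>\w+)"   # boot-time form
    r"|\[L\]\s+(?P<name2>\S+(?:\s\[\w+\])?)\s+\(\d+\))$"                     # full-scan form
)

# System Restore keeps copies under _restore{GUID}\RPnnn\ ; a hit there is a
# snapshot of an earlier file, not evidence about the running system.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.IGNORECASE
)

# Constructed sample log: the first two lines are copied from the posts above,
# the third is invented so that a second detection family can be separated out.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{DC918390-1AB6-42D3-95D0-6A159150E971}\RP710\A0089552.exe|>[PECompact] is infected by Win32:Rootkit-gen [Rtk], Deleted
C:\WINDOWS\PEV.exe|>[PECompact] [L] Win32:Rootkit-gen [Rtk] (0)
C:\Documents and Settings\User\Local Settings\Temp\invoice.exe [L] Win32:Trojan-gen (0)
"""


def parse_avast_log(text):
    """Return one dict per detection line; lines that do not match are ignored."""
    hits = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append({
            "path": path,
            "packer": m.group("packer"),
            "name": m.group("name1") or m.group("name2"),
            "action": m.group("action"),   # None for the full-scan form, which reports no action
            "in_restore_point": bool(RESTORE_POINT_RE.search(path)),
        })
    return hits


def group_by_name(hits):
    """Map each detection name to the paths it was reported on."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["name"]].append(h["path"])
    return dict(groups)


def find_detection(hits, family):
    """Hits whose detection name starts with the given family, e.g. 'Win32:Trojan-gen'."""
    return [h for h in hits if h["name"].startswith(family)]


def live_hits(hits):
    """Hits outside System Restore snapshots: the ones that concern the running system."""
    return [h for h in hits if not h["in_restore_point"]]


if __name__ == "__main__":
    hits = parse_avast_log(SAMPLE_LOG)
    for name, paths in sorted(group_by_name(hits).items()):
        print(name)
        for p in paths:
            print("   ", p)
    print("Win32:Trojan-gen hits:", [h["path"] for h in find_detection(hits, "Win32:Trojan-gen")])
    print("Outside restore points:", [h["path"] for h in live_hits(hits)])
```

Run against the two real lines alone, `find_detection(hits, "Win32:Trojan-gen")` returns nothing and `live_hits` leaves only `C:\WINDOWS\PEV.exe`, which is exactly DavidR's reading of the logs; a real log would be read from the avast report file instead of the embedded sample.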

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: trojan win32 generic is back
« Reply #2 on: January 14, 2012, 10:17:24 PM »
Pev is one of those good or bad files

I would have thought that it would have been removed from the defs by now

Clear the restore points and the other should go - Probably a backup of Pev

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: trojan win32 generic is back
« Reply #3 on: January 15, 2012, 10:35:25 AM »
The avast log in this topic shows VPS: 120112-1

I downloaded a copy of the tool with vps-1201130-1 late Friday afternoon. No detection during download or scanning the file afterwards. Haven't seen any reports of avast still flagging it.