About this Win32:Trojan-gen. {Other}

Hi all!

Well, as i have read through these posts a little bit i think you´re tired of hearing about this “virus” if it really is a virus, lots of different opinions about this i´ve noticed.

Well, i have no choice, just yesterday i also did a scan of my system and Avast discovered this, like many others i noticed, mine is also located in c:program/Winrar and i CAN´T get rid of it no matter what i do.

The funny thing is though that i´ve tried several on-linescanners (trend-micro, symantec etc.,) and they don´t find a thing. This makes me wonder as some ppl just say it´s a falsealarm but it makes me nervous anyway.

So, my good friends, what the %*^# shall i do?

Please someone give me a good, easy solution to this!

Thank You!

What version of Avast?
What vps version?

I´m Using Avast Home Edition 4.1 build 4.1.418
(registered), vps: 0432-1…

I have the EXACT same problem. Weird, I wonder if it finding a part of WINRAR to be a virus. ???

Even with the latest VPS update (0432-2)?? :o

I have to admit that it is my moms computer. I don’t use winrar. I use www.zipgenius.it it is a free compression utility. I am going to look at it Saturday, but it has been a repetive problem, always in the winrar file. I plan on just removing winrar so she’ll stop worrying about it. However her pc auto updates on start up and it should be the latest version unless it has changed since Monday.

Vlk
Mine has stopped “Singing” since the last update to 432-2. Thanks

Basically, the latest VPS update should resolve all known false positives…

Using 0432-2 database, I get a trigger on “uninstall.exe” that comes with Meshcam (and on the Meshcam installation program) but no trigger on winrar.exe.

Meshcam is at http://www.meshcam.com/

I’ve emailed the programmer, but I’m sure it’s a false trigger.

Kludgemeister

Please submit the file to virus@avast.com , the virus lab guys will take of it shortly.

Thanks
Vlk

Vlk, I have been trying for almost 5 hours to upload the file. I cannot send it by my ISP’s POP mail, nor my ISP’s Web mail, nor Yahoo mail. All seem to be out of service. Can your guys download the program from http://www.meshcam.com/download.php on their own? Thanks.

Kludgemeister

Ehm, what exactly is the problem? You can’t send any emails? Or just this particular file?

Thanks
Vlk

What error messages are you getting to say you can’t send the email?

Sometimes ISPs have an attachment file size restriction, what is the file size?

Sometimes ISPs and mail servers block .exe files in a half hearted attempt to combat viruses. Try to zip up the uninstall.exe file and see if that will go.

And your question is ??? ::slight_smile: :wink:

Thanks for the replies, guys.

Vlk - Problem with just this email.

DavidR - Eudora was saying “Eudora network timeout” and “Eudora is tired of waiting for the system to respond” and Yahoo mail was saying “Document contains no data” The exe file size is 2636k and the zipped version (which I also did try sending) is 2591k. I have had no problem sending attachments in the past.

GrizeBar - Yes, I did try zipping the file with no improvement.

This morning I did try attaching just the “uninstall.exe” contained in the archive, with no problem. It is what Avast was specifically triggering on. It is only 48k.

Kludgemeister

Thanks,

The timeout sometimes happens when you are trying to send a document with a large attachment.

I have no idea why Yahoo would say no data because to my mind an attachment is data, unless it has no text in the body of the email and that is what it’s complaining about.

The attachment of in excess of 2MB would in some cases exceed an ISP or mail services limits. As you found zipping didn’t help, this could be due to the size as mentioned above.

But you perservered and get the file that triggered the alert, good job.

Oh, the replies go OUTSIDE the Quotes!! DUH!

Sorry, I seem to have grunged that one.

I’ve gotten the Win32:Trojan-gen {Other} virus warning now, and I must say it’s really annoying. I’m only running the trial version of avast, but it’s up to date (0433-1).

I can’t see anything suspicious in the HijackThis-log, and trend and panda online scanners can’t find anything.

Even though I have run the program, the “virus” seems to be contained (it hasn’t spread). This might change after boot, of course, but with what I’ve read about this “virus” so far, I’m not really scared.

Since I used the panda scanner, I now have the kuang2 “virus” in imscan.dll. That I can’t blame avast for directly, but it is annoying to know that without a virus scanner my system would have been perfectly healthy and I wouldn’t have used hours on finding out what was wrong. A hoax is sometimes worse than an actual virus.

Now to my questions: How do I configure avast to ignore theese two “infected” files? Why is avast blocking the program, even though I haven’t put it in the chest? And why is there no uninstall option, at least for the trial version?

Hi,

  • have you paused avst shield before using the Onlinescanners ?

  • also read “VirusRemoval” below and scan the file online with KAV and RAV

  • What WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!

  • Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ? :wink: