About this Win32:Trojan-gen. {Other}

Partly my fault and a lack in attention to detail, I didn’t notice that you had commented inside the original quote.

Please, I have no problems removing viruses. Instead of giving me the standard routine, just answer my questions. If that is too difficult, at least give me reasons for answering your questions.

…well you can either delete the panda files, or exclude them from scanning in avast’s options
(I don’t have avast on this here PC so can’t tell you the exact way to do it right now, but I guess if you’re so proficient you can read/see help, faq’s & Docu… )
[EDIT]
same applies for “Uninstall”, but if I understand you correctly
→ ControlPanel → Add/Remove Programs → avast … would be a likely choice…)
If you mean PANDA_OnlineScan-Uninstal → look in Downloaded.Program.Files (OBJECTS in IE-Options)
[/EDIT]

the reason for my questions about trojan-gen & onlinescanners is that:

  • Trojan-Gen is a generic detection/name which probably comprises dozens to hundreds of different trojan species/variants, and
  • from your info it is not clear whether yours is a false alarm or not…
  • or if it’s just located in protected areas and thus can’t be removed easily… (_RESTORE … ?)
  • Trojan-Gen has in the past been known to detect stuff like fully-fledged Backdoors, but if you want to exclude that one from scanning → your choice ;D

→ I just wanted to help… :slight_smile:

I’m sorry I was a little cranky, but after spending many hours trying to fix this “virus” and then finding out it’s probably just a false positive… >:(

But thanks for trying to help. :slight_smile:

I run win xp pro sp1 fully updated, I have tried online scans (RAV, trend and panda) with and without avast disabled, and the file that’s “infected” is …\Program Files\Serv-U\serv-u32.exe.

Avast reacts to this file when it’s not running, and when it’s running. To get serv-u up I have to disable avast, and as soon as I enable avast serv-u is shut down.

I can’t seem to find an option in avast to ignore this specific file.

It would be helpful if avast made a list of the false positives, since it seems like there is a lot of them… :wink:

Many false positives are solved with the latest vps (433-1). Make sure you have it.

To exclude files: start avast > menu > settings > exclusions

And make sure to submit the file to virus@avast.com, the virus guys will have a look at it and eventually change the detection code so that it won’t be triggered any more…

Thanks
Vlk

Just to Clear things up…

This is a FTP-Server which is imho not usually part of WIN
→ You installed this intentionally ?

Cause this is also installed/used/misused by many worms with Backdoor-Functionality…

:wink:

I have the latest vps (0433-1). Still not 100% sure this is a false positive, but must assume that since nothing bad has happened yet, and none of the online scanners can find anything.

Thanks for the info, it’s now excluded.

Yes.

error deleting file can not delete deinst-qfe002.exe access is denied.
make sure the disk is not full or write protected and that the file is not currently in use.

c:\windows\system32\deinst-qfe002.exe

Hello,

I really appreciate Avast AV, but when I tried to install a new software from what appears to be a very reputable site, Avast said I had this particular trojan gen AND this one, as well, in the installation of it:
Win32:SdBot-825[trj]

And I am wondering if it is a ‘false positive’ or a real danger? If so, I will have to report it to them immediately. I want the software (and more from their site, which I seriously doubt is faulty or full of viruses) but I’m scared to execute the program now… :stuck_out_tongue:

Can you help me? I have the latest updates of the home version in both the software and the virus database according to my Avast software.

Thank you sooooo much,
Donna

BizUnlim
Welcome to the Forums
Please help us help you.
What version of Avast! are you using?
What vps version?
What OS?
Where exactly is the file located?
What's the name of the Download Site?
etc. etc.

Hi, I’m getting this virus also.

I’m using w98
avast 4.1 home edition
file version 0434-1

When I open the MS explorer or MSN messenger a pop up window appears and immediately the virus warning appears.
It says it’s allocated in c:\windows\submit2.exe
I tell it to delete it and it reappears in c:\windows\sdkqh32.dll

I used also the avast virus cleaner with no luck.

Also used CWShredder v1.59.1 and detects: CWS affiliate:Winshow. It cleans it but it is reappearing again.

What should I do??

thanks

SOLUTION FOUND!

AFTER SCANNING, DELETE THEN RESTART

SOLUTION FOUND!
Not likely. There are likely more things that need to be done. Click on the link in my signature and follow all steps on that page to make sure your system is clean.

Thanks Eddie, I have some of these programs running. I’ll try them in safemode to see what happens.

I’ll let you know.

Hello,

I got the same virus warning on the file c:\windows\system32\video_s32d.exe.
AVG cannot repair the file.

My AVG version is 4.1 Home Edition
Build Jun 2004 (4.1.418)
VPS 0434-2

Is this a false alarm ?

Thanks,
-Paul

Run one or two online scanners and see if they pick that file up. Since google has nothing on it, it sure is a suspicious file.

PaulVDV
Welcome to the Forum.

My AVG version is 4.1 Home Edition
I didn't know they made that version! ;D I think you meant Avast! version is 4.1 Home Edition didn't you? :)

Well, yes of course, it was Avast and not AVG ! Sorry for the confusion.

When I try online scanner, I get the following :

  • with Computer associates: Win32.Rbot.IF
  • with Kaspersky : Backdoor.Rbot.gen
  • with Avast : Win32:Trojan-gen. {Other}

Which one is the right one ? None of them can clean it. What should I do ?

PS. Avast signature is now 0435 but still reports the problem.
I will submit the file to virus@avast.com.

Thanks,
-Paul