avast! does not detect Gen:variant.kazy.132874

I have avast! Internet Security v.7.0.1474, but I sometimes use other online scanners to check for viruses or malware that avast! might miss.

Today I used BitDefender’s QuickScan, which told me that my PC is infected with Gen:Variant.Kazy.132874. Prior scans by Malwarebytes did not detect it, nor did Trend Micro’s Housecall, and it has apparently been overlooked by avast! as well. If it is indeed a virus or trojan or worm, I may have had it unknowingly for some time.

What do I do? Is it a legitimate virus or malware of some kind, and if so, how do I get rid of it?

Did you get any log file after BitDefender finished scanning? Send the “infected” file to VirusTotal and post the results.

+1 Could also be a BD FP.

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

Attach all logs here…

Remember: There is no perfect antivirus…all Antiviruses will miss something.

No log file; nothing but the screenshot I attached. I actually thought it might be a FP, or even that I had visited a hijacked url, but one can’t be too careful. None of the following site checkers - Norton Safe Site Checker, McAfee Site Advisor, and Trend Micro Site Safety Center - report any problems with the link.

Does Bitdefender say what file is detected? Can’t see it on the attached pic.
If so, upload it to virustotal.com and test with 40+ malware scanners…

No. As I mentioned in the post immediately prior to yours, I got no log file; nothing except the window that says “Your system is infected with Gen:Variant.Kazy.132874”.

However, I just ran AdwCleaner and it said I have some stuff from Babylon Toolbar, so I’m now going to let it run its cleaning procedure, which I understand will involve a reboot.

> However, I just ran AdwCleaner and it said I have some stuff from Babylon Toolbar, so I'm now going to let it run its cleaning procedure, which I understand will involve a reboot.

Yep... it removes most of the browser/toolbar crap.

AdwCleaner apparently didn’t find Gen:variant.kazy, but says it removed Babylon and a number of other things (partial list below):

***** [Services] *****
Found : Updater Service for StartNow Toolbar
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\AGI
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\ProgramData\AGI
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer

However, avast! told me that something tried to change my default Home Page, so I don’t know if that was AdwCleaner or an effect of the stuff it was removing. I didn’t allow the change.

Thanks for your help, guys. I would never have found AdwCleaner, but it’s now part of my arsenal.

> AdwCleaner apparently didn't find Gen:variant.kazy

It is not a malware scanner... it just removes crap. It does not have an update function, so you need to download the latest version when you need it.

If you are following the whole guide true indian gave you… then there are some more logs to attach… not copy and paste:

Malwarebytes
OTL
aswMBR

I had a couple of similar Kazy alerts from BD yesterday.

(I was scanning my w7 installation from a dual booted linux distro with BD for unices).

Both the detections were within avast files (one in defs, one in an avast .dll - can’t remember which).

I suspected that avast maybe hadn’t encrypted these defs for some reason, so BD found them (or maybe a BD FP).

Detection has gone today - so whatever it was someone has apparently fixed it.

OK! I also have BD in my dual booted Linux Ubuntu (I think it’s Precise P because I wanted LTS). Maybe I will rescan with BD in Win7 tomorrow, and if I get a hit, I’ll try a scan in Linux.

Thanks, Mag.

Great topic and info…thanks from an observer!

Pleased if I’ve been able to help.

You probably know this, but mount your windows drive (as su/sudo) first in the same account from which you then run BD scan - otherwise I’ve found BD is a bit variable in whether it will access it.