[b]Help to remove win32:Trojan-gen (other)[/b]

Hi guys: Help to remove win32:Trojan-gen (other)

Every time I scan my computer with avast, avast tells me that I have a virus, but every time I try to move to chest, remove or any action, avast sends me an error message. Please help me, I don’t know what to do.

I pasted the avast report below. One more thing: I have the Vista platform.

  • avast! Report
  • This file is generated automatically
  • Task ‘Simple user interface’ used
  • Started on 31 August 2008 10:43:14
  • VPS: 080830-0, 30/08/2008

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
C:\Documents and Settings [E] The system cannot find the path specified (3)
C:\Program Files\Alwil Software\Avast4\DATA\moved\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
File was successfully deleted…
C:\ProgramData\Application Data [E] The system cannot find the path specified (3)
C:\ProgramData\Desktop [E] The system cannot find the path specified (3)
C:\ProgramData\Documents [E] The system cannot find the path specified (3)
C:\ProgramData\Favorites [E] The system cannot find the path specified (3)
C:\ProgramData\Start Menu [E] The system cannot find the path specified (3)
C:\ProgramData\Templates [E] The system cannot find the path specified (3)
C:\Users\All Users [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\Application Data [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\History [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\Temporary Internet Files [E] The system cannot find the path specified (3)
C:\Users\Default\Application Data [E] The system cannot find the path specified (3)
C:\Users\Default\Cookies [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Music [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Pictures [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Videos [E] The system cannot find the path specified (3)
C:\Users\Default\Local Settings [E] The system cannot find the path specified (3)
C:\Users\Default\My Documents [E] The system cannot find the path specified (3)
C:\Users\Default\NetHood [E] The system cannot find the path specified (3)
C:\Users\Default\PrintHood [E] The system cannot find the path specified (3)
C:\Users\Default\Recent [E] The system cannot find the path specified (3)
C:\Users\Default\SendTo [E] The system cannot find the path specified (3)
C:\Users\Default\Start Menu [E] The system cannot find the path specified (3)
C:\Users\Default\Templates [E] The system cannot find the path specified (3)
C:\Users\Default User [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Music [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Pictures [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Videos [E] The system cannot find the path specified (3)
Infected files: 2
Total files: 353144
Total folders: 16097
Total size: 43.0 GB

  • Task stopped: 31 August 2008 13:49:47
  • Run-time was 3 hour(s), 6 minute(s), 33 second(s)

  • avast! Report
  • This file is generated automatically
  • Task ‘Simple user interface’ used
  • Started on 03 September 2008 00:18:26
  • VPS: 080902-0, 02/09/2008

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)

  • avast! Report
  • This file is generated automatically
  • Task ‘Simple user interface’ used
  • Started on 03 September 2008 08:40:33
  • VPS: 080902-0, 02/09/2008

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
C:\Documents and Settings [E] The system cannot find the path specified (3)
Infected files: 1
Total files: 239901
Total folders: 3498
Total size: 26.3 GB

  • Task stopped: 03 September 2008 09:36:40
  • Run-time was 56 minute(s), 7 second(s)

Hi jenijoplin

This is some information about win32:Trojan-gen (other)

Win32:Trojan-gen.(Avast AV name) - a Backdoor Trojan horse that allows a compromised computer to be used as a Web proxy. This Trojan also attempts to steal cached passwords from an infected computer.
Backdoor.Berbew.B - Symantec name
Symantec description and removal instructions

I suggest you use the following programs to try to remove the malicious software from your system.

1st We have SuperAntiSpyware

Download link

http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

Instructions:
Download the software, then install it. Afterwards, update to the current version, then go to settings and check the Full System Scan (this is very important).
When the program detects the spyware/trojan/malware, delete it. After deletion it will require a system
restart, then scan again if the malicious software came back (just for double check ^_^).

2nd We Have Malwarebytes’

If you follow these instructions, everything should go smoothly.

Please download [url=http://www.besttechie.net/tools/mbam-setup.exe][b]Malwarebytes' Anti-Malware[/b][/url] and save it to a convenient location.

[list=1]
[*]Double click on mbam-setup.exe to install it.
[*]Before clicking the Finish button, make sure that these 2 boxes are checked (ticked): [list]
[*]Update Malwarebytes’ Anti-Malware
[*]Launch Malwarebytes’ Anti-Malware[/list]
[*]Malwarebytes’ Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can’t update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
[*]Select the Scanner tab. Click on Perform full scan, then click on Scan.
[*]Leave the default options as they are and click on Start Scan.
[*]When done, you will be prompted. Click OK, then click on Show Results.
[*]Check (tick) all items and click on Remove Selected.
[*]After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.[/list]

Next,
[list]
[*]Download random’s system information tool (RSIT) by random/random from here and save it to your desktop.
[*]Double click on RSIT.exe to run RSIT.
[*]Click Continue at the disclaimer screen.
[*]Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)[/list]

Please post the following:
[list]
[*]The Malwarebytes’ Anti-Malware log
[*]The contents of log.txt
[*]The contents of info.txt[/list]

Reminder:
You can use Avast to remove the trojan; you can only use the following programs if avast is unable to remove the malicious software from your PC. You can use the 30-day trial of Avast Pro, it’s a very good device :3 promise

Hi jenijoplin

There are the same discussions about this malicious software on the following sites
1st

http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=335312&forumid=1
2nd
http://www.computing.net/answers/security/win32trojangenother-virus/18391.html
3rd
http://www.techsupportforum.com/security-center/hijackthis-log-help/280247-vbs-malware-gen-win32-trojan-gen-other.html
4th
http://www.techspot.com/vb/topic72536.html

This is from our own forum

http://forum.avast.com/index.php?topic=37434.0

This is a discussion from Microsoft (I recommend you read them)

http://support.microsoft.com/kb/309531

Note:
If my first guide didn’t work, feel free to look around the following sites; there is a thing or two to learn ^^
( I post this b4 my
http://i530.photobucket.com/albums/dd346/CavCafe/Misc-Bedtime.gif
:3 )
Hope this helps XD

I have the virus too. It sounds like the tools you recommend delete the infected files. My Avast scanner says that the infected file is in the folder called “System Volume Information”, file name “A0080105”. I am a bit squeamish about deleting a system file, assuming the system will even allow it. It is so sacred that the system will not even allow me to open the folder to look at its contents.

What should I do?

I have Windows XP Pro x64 v. 2003 SP2 on an AMD Athlon 64-bit processor # 3200+

If you have moved it to the chest successfully, personally I would leave it at that. Files in the System Volume Information folder are there because they have either been deleted or moved from the system folders by system restore as a back-up. So I would say it has limited value.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Sorry, I had not read all your references. I managed to get access to the file, and since it was fairly old, I just deleted it. I hope it was a false positive. I’ll call you back if anything bizarre happens.

For info, “System volume information” refers to the files which may be used by system restore. A protected area, difficult (but not impossible) to access. (Not recommended nor, usually, required.)
I’ve found that the worst that happens upon deleting malware found in this area of the PC is that it sometimes disables a restore point from working.

Guys Guys
Files in Restore do not require Nuclear War techniques
neither do Avast move on reboot files
Here we have an avast detection of a move of a file in restore
big question is where did this bad boy come from and how do we keep from getting it again
since the source of the file is not shown- if it was I missed it let’s just do a general clean up

first If you have not run a boot time Avast scan Rt click the ball and “update programs”
then rt click again and schedule a boot time scan
reboot
OR if you have done this already recently run a Kaspersky on line scan
or do one now one later
then
Download, install, update and run malware bytes anti malware
if any hits put a check in the box
then click REMOVE CHECKED
post the log

now Run CCleaner or ATF cleaner
defrag
set a new restore point

If the posts lind refers to indicate anything else needs to be done post back

Thanks for your post. I downloaded the WIN:32TROJAN-GEN{OTHER} from an e-mail from 123Greetings.com. I checked the site and it seemed kosher and then I saved to a pen drive. Opened and installed the bad boy thinking it was a greeting card from one of my Italian friends.

I checked the forums of other victims and decided your guidance was the most recent and didn’t appear to involve rocket science or, my 6 yr old son’s help.

Ok, so it’s 3am but the trojan hasn’t appeared and Avast isn’t going ding a ling. Hopefully it won’t reoccur and I can get on with my life.

I forgot to do a new restore point, could this cause any issues?

Thanks again!

Nah
have your 6 year old set a new restore point
today was MS monthly update day
always a good time to run secunia software inspector
if your java is out of date run JavaRa to do a clean up prior to upgrading

Hi, thanks again for your help about the trojan. I was wondering about the memory stick I downloaded the trojan app onto, will this be best burned or can I re use the stick?

MS has that stick protector thingie someone can give you the link
I would think avast could scan it if it shows up as a drive, so could the other apps
USB stick expert out there?

see this spybot post for one answer
http://forums.spybot.info/showthread.php?t=34034

I’ve been searching this forum for 2 days for some help with my trojan, rootkit prob. Much like many I see, I am a complete idiot when it comes to the guts of this computer. I can tell you that:

  1. I have no idea where I picked it up. Let Nortons expire, no protection for 12 wksish. Just noticed a little slow motion in my picture files, clips. Got concerned. Meanwhile, also worried about online security compromise, banking etc.
  2. Downloaded Avast free to my Vista platform. Immediately got this, and put it in chest.
    A1127-tmpapi.exe c:users\lisa\app data\local\temp 5-4-08
    imgtask.exe c:\windows 12-2006

  3. Decided to run antirootkit, got this. Did not fix. Too scared.
avast! Antirootkit, version 0.9.6
Scan started: Thursday, September 11, 2008 3:43:07 PM

File C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JWRL662M\bind[2].htm HIDDEN
File C:\Windows\Temp\_avast4_\unp150944326.tmp HIDDEN

Scan finished: Thursday, September 11, 2008 3:49:07 PM
Hidden files found: 2
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Can anyone help. Not sure how to proceed, need clean registry, or what.

Thanks

Best to start a new thread post all answers in new thread thanks

Someone else can advise on rootkit but I would certainly fix it and then run one in #5 below
Polonus may advise us on this

I have to run to lunch but here’s a start
here is a copy of Tech’s standard procedure which works very well if followed completely

I’m a little Dyslexic so I am going to spread it out a little and add a few comments

  1. Disable System Restore and then reenable it again.

  2. Clean your temporary files. Use ATF cleaner or CCleaner- but post up any relevant AV logs first

  3. Schedule a boot time scanning with avast with archive scanning turned on.
    rt click on the ball and update>programs
    then open avast and schedule boot time scan- reboot and send any hits to chest, do not remove/delete
    did you quarantine or send to chest previous AV scans? what was there (ignore cookies)

If avast does not detect it, you can try DrWeb CureIT! instead.
http://www.freedrweb.com/cureit/
(not a bad idea for a second opinion anyway but you said you had already run some other scans)

  4. Use SUPERantispyware,
    http://www.superantispyware.com/
    update quarantine post logs

MBAM
http://malwarebytes.org/mbam.php
put a check mark next to any baddies and then click REMOVE CHECKED- a backup will be made

  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.

  6. Make a NEW HijackThis log after the above scans to post here

  7. Immunize your system with SpywareBlaster or Windows Advanced Care.

  8. Check if you have insecure applications with Secunia Software Inspector.
    http://secunia.com/software_inspector/