Big Problem

I ran avast, and it found win32:trojan-gen in my kernal32.exe file, and all attempts to repair have been a no-go (just got the virus scanner, hadn’t had a chance to make the VRDB yet), and no way in hell am I deleting or moving that file (did that with my last comp, can you say “reformat time”?). How can I get it to go away when it’s on that kind of file?

Hi,

Please post the full path and exact name of the infected file.
What Win do you have?
Also use online scanners from Trend, RAV and KAV on the file to get a more specific name.

Use the board search with:
win32:trojan-gen
for further details: lots of topics on that one :wink:

kernal32.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.

avast! cannot repair it because this file is not part of the system; in fact, it’s a trojan.

I talked to the IT specialist at work and came to the same conclusion myself, so I attempted to just delete it, which wouldn’t be possible if it was what I thought it was, and it’s gone now, so thanks. That was particularly annoying though; I hate it when virus writers are smart like that.

You’ll need to start thinking like them :wink:

I have actually wondered why they haven’t been doing that for a while now. It just seems too basic to name it after a file that people don’t want to touch (especially those that know at least somewhat of what they’re doing). Oh well, it’s one of the few that I’ve gotten, so I guess I’ll start watching for ’em now.

The most common trick is to use system-like names, so users won’t touch the files or even get suspicious about them.

Just name the stuff something like this and it will practically mask itself among the system files:

- iexplorer.exe (originally it’s iexplore.exe)
- kernall.exe (kernell.exe)
- dlIhost.exe (dllhost.exe → do you see the second upper-case letter “i” (I) instead of “L”?) (with some other fonts it looks like the letter “L”)

Or simply files with exactly the same filename, but just in the wrong location.

Example:
explorer.exe which is located inside the System32 folder. This application has nothing to do with this system folder and it’s there as a virus/trojan. The real explorer.exe is located in the root of the Windows folder.
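
A check for the two tricks described in the post above (a lookalike name, and the right name in the wrong folder), as an added example that is not part of the original thread. The baseline of file names and folders and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: system binary name -> folder it normally lives in.
# Build the real one from a known-clean machine of the same Windows version.
BASELINE = {
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
    "dllhost.exe": r"c:\windows\system32",
    "kernel32.dll": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, matched_baseline_name) for one Windows path."""
    folder, name = ntpath.split(ntpath.normcase(path))
    if name in BASELINE:
        # Same name as a system file: only the location can give it away.
        verdict = "ok" if folder == BASELINE[name] else "wrong-location"
        return verdict, name
    stem = ntpath.splitext(name)[0]
    for known in BASELINE:
        # Compare stems so kernal32.exe is still matched to kernel32.dll.
        if edit_distance(stem, ntpath.splitext(known)[0]) <= 1:
            return "lookalike-name", known
    return "unknown", None

# Constructed sample paths using the file names mentioned in the thread.
SAMPLE = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\explorer.exe",
    r"C:\WINDOWS\system32\dlIhost.exe",
    r"C:\WINDOWS\system32\kernal32.exe",
    r"C:\Program Files\Internet Explorer\iexplorer.exe",
    r"C:\Tools\notepad2.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p)[0]:15} {p}")
```

A "lookalike-name" or "wrong-location" verdict is a reason to scan the file and check its signature, not proof of infection on its own.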

Have similar problem
have Win32:DyfucDldr-D [trj]
I have put this in Chest…is this the correct thing to do, as it won’t let me delete it?
Have read through the forum but with my limited computer knowledge I don’t understand most of the advice!!! ???
Appreciate help guys…in simple (DUH!) type words.
Phil

Phil…don’t worry about asking for “simple” words/directions! I also needed that and many, many people on this forum came to my aid…and got right down to “kindergarten” level if I needed it.
We all start somewhere…

good luck!

cojo

Cojo…thanks for your support.
I need it!!! :smiley:

Phil, I hope I didn’t sound like a smart***…I really just wanted you to know that folks here are very knowledgeable and enjoy helping others. You won’t find a better support forum–Avast! is the best product and has the smartest users :slight_smile:
and I speak from experience!

welcome and ask any question you need answered…except how to understand women and the meaning of life ;D

cojo

Lady White Dove (aka CoJo)…I definitely did NOT think you were being a smart*** :slight_smile:
I really appreciate you being there for me.
Cheers! phil