I ran Avast for the 1st time & it found a Win23 trojan gen in C:/windows so I deleted it. I started the scanner again today & lo & behold it was back so deleted it again. 1st of all what is this trojan & how did it get on my laptop & 2nd of all why does it keep coming back. Any advice or tips regarding this would be brill.
Try a boot time scan.
You want to get out of that habit, deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate. Even if in this case it appears to be OK, one day it will bite you in the rear.
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
- SUPERantispyware On-Demand only in free version.
- MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected. So there isn’t a great deal we can say as it really is unspecified.
Thanks guys for your responses. DavidR, TBH I didn’t have a clue what that was all about as I’m not computer literate. I downloaded superantispyware on your advice & it found over 500 infected files of which 1 of them was that damn trojan so I quarantined them all but don’t know what to do next as I’m not sure if it will affect my operating system if I remove it. It states it is a trojan.FakeAlert/tinyproxy in C:\programmefiles/TINYPROXY. Any help/advice guys would be most appreciated. Thanks !!!
No problem, glad I could help.
I suspect that the greatest majority of the detections were for so called tracking cookies, which are a minor issue (that some anti-spyware makes a big deal of), more privacy than security. In your browser security settings just disable third party cookies (those not for the site you are visiting) and periodically clear out the cookies.
If you have sent it to the quarantine that is fine, nothing to do. I would leave it there for a few weeks and if you don’t see any adverse effects on your system, delete them from the quarantine (SAS doesn’t offer the option to scan within the quarantine).
As it said fake alerts, these normally display pop-ups, which state your system is infected/vulnerable, etc. trying to get you to visit a site (which could well get you infected) to run a scan or extort money for a program which you neither need nor is of reputable quality. You may not have seen that payload (fake alert pop-ups) as it is likely that this is what avast was jumping on, but didn’t see the cause of the pop-up.
You should also run MBAM if you haven’t already done so.
Welcome to the forums.
DavidR
Thanks for your advice. I have disabled third party cookies & will keep an eye on how my operating system goes over the next few weeks. As the trojan is in quarantine does that mean that it won’t end up in my programme files again or can another different one infect it again ?
You’re welcome.
The Quarantine is a protected area so they are safe in there. However, there is no guarantee that it won’t get in there from the same source that you got it in the first place. Depends when you got it, but avast has been able to draw your attention to a problem and periodically running the other tools I mentioned should increase overall protection.
So you have to practice safe Hex, not opening attachments or clicking links in unsolicited emails, they could take you to a site which will infect your system. Even if the email comes from a friend, that is easy to fake, so if the email is out of context for them, check.
Ensure you have a good firewall. It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?
I’m almost sure I don’t have a firewall. Can I download a firewall free or do I have to buy one ?
Sorry I’ve just found that I have windows firewall. Is this any good as it hasn’t done much for me so far ?
Hi…
Please watch the swearing.
Windows Firewall (either in XP or Vista) is pretty good for inbound protection. However, if you desire outbound protection as well, you can download a 3rd party firewall, such as Comodo, or if you have Windows Vista, the Windows firewall can be configured, with a little work, to scan for outbound traffic as well. Please see here…
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1247138,00.html
http://www.vistax64.com/vista-networking-sharing/56740-configure-windows-firewall.html
If you decide on Comodo in particular, be sure to not install the AV component.
Hope this helps.
May God Bless you!