I’m new at this so hopefully this post will find an answer here. I’m trying to help a friend to find out how to remove the Win32: Trojan-gen {VB} virus. The Avast anti-virus protection program was installed just yesterday and it detected the “gen VB” virus. The Avast program cannot delete, repair, etc. the problem for some reason. I went to Google to get information and it took me to this place. Any experts out there that can inform me as to how to delete this Trojan virus would be greatly appreciated.
megaman04
Welcome to the forum.
Please help us help you.
What version of Avast! are you using
What vps version?
What OS?
What exactly is the error message? (If you are getting one.)
etc. etc.
Hi,
I have the same problem
Virus name: Win32:Trojan-gen. {VC}
File name : C:\Program Files\Common Files\updmgr\updmgr.exe
VPS version : 0433-3, 13/08/2004
I’m using Win XP pro.
Please advice.
I just got on to check for responses on how to remove the Trojan-gen {VB} virus. I noticed “Eddy” responded with “Click on the link in my signature and follow the instructions.” Where is the link in your signature that I click on? I’m new to this so, please clarify. Thanks…
This is a friend’s computer so hopefully this is the correct info to your questions. The Avast version is 4, the vps version is 0434-0, the OS is Microsoft Windows Me, and these are some of the “error” messages: The files was not repaired - cannot process c:\windows\system\3drefd.exe file; another is Access denied - cannot process c:\windows\system\sexch40m.exe file; another is Access denied - cannot process c:\windows\system\ysinv.exe file. There seems to be a new file with an “.exe” name that comes up whenever I try to repair or delete. I don’t know what is going on with the problem. Thanks…
The problem is that the process is running when you try to remove the infected files as explaind on the page in my link. If you follow the instructions there, the system will be as clean as can be when you are done.
I did click on the link next to Eddy’s flag. There’s a lot to do and a lot to download. According to the link I need Avast, Ad-Aware, Spybot, Hijackthis, etc… My friend’s computer already has the Avast program. Do I download the rest? Also it suggests to use/get CWShredder, Spyware Blaster and Bazooka. Are these free to download? And are they necessary to delete the “gen VB” virus or are they for future prevention? Near the bottom there are 8 steps to follow. Step 3 advises to install a firewall. Can I delete the virus without installing a firewall? This is my friend’s computer and I don’t know what a firewall really is. I can guess that a firewall “acts” like a firewall in a car. Can you help me on this? Thanks for your time…
Thanks for your response. I think I understand what you mean by the “process is running when I try to remove the infected files.” You wrote, “as explained on the page in my link.” Is your link “Shortcuts for all” found on your first response? Do I follow Eddy’s or your link to delete the virus? I don’t mean to take up your time, but this is my first time trying to delete a virus. Thanks…
Thank you to Eddy and Bob for helping me figure out how to remove the “gen VB” virus. I clicked on Eddy’s link and although it took a long time for me to remove the Trojan virus, it was worth it. There are still things I don’t know and have to read up on, but it worked. I did receive an error message from the Spybot Search & Destroy program after I ran it. The message was “Spybotsd has caused an error in the KERNEL32.DLL.” I am hoping it’s not a critical error that needs to be fixed or deleted. I wasn’t able to do anything with it. I just closed the error message. But again, thank you for your help. If something else comes up I’ll send an S.O.S. on the board to get help. Thanks…
sometimes it’s too many programs starting with WIN, but
it can also be Ad-/SpyWare
Have you tried running updated SPYBOT & Ad-AWARE in SafeMode (F8-Boot) ?
Are all Windowsupdates applied ?
You might also want to post a hijackthis-log and secure your Browser better
→ See Eddy’s sig., or “VirusRemoval” below in my sig for links&info
Thanks for the response “whocares.” You mentioned running spybot & ad-aware in safemode. I was in safemode when I ran them. I didn’t do any Windows updates though. I didn’t know if I was going to mess up anything by trying to do all the updates, plus I didn’t know when and how to do it so I skipped that part. Eddy’s instructions also included installing a firewall. I didn’t do that also because I didn’t know where to get one, let alone know how to install one. And I also didn’t got the Host file to make deletions. I didn’t know how to do that either. Do you any of the above? Thanks…
I have two questions I need help on. First, do I re-enable system restore in safe mode after going through avast, ad-aware, spybot, hijackthis, cwshredder…or is it done after I reboot the computer? Second, after using Hijackthis, a list of results appear (R1’s, 03’s, 04’s, etc…). A website said to delete all the exe. files in 04 while in safemode. Is that the route to take? Thanks for your advice.
megaman04
You asked to delete them in Safe Mode because once you reboot, you no longer have access to them.
Re-eneble SystemRestore after you reboot and know your system is clean. Once you have it re-enabled, do a fresh restore point and you can call it SystemClean. ;D ;D
Thanks Bob, but I need to clarify something. I asked if I needed to delete the “exe 04 files” in safemode because I haven’t done that yet. Didn’t know if I had to. I assume your answer is to delete the “04” files in safemode. Also do I use CWShredder, Spyware Blaster or another program to create a “restore point?” Thanks for your help.
No, unless there is a reason for you to need it to be enabled.
And for your question about the Hijackthis log, I point you again to my page It has the link to a HJT log analyzer I created, a online HJT log analyzer and explanation about the HJT log file.