Suspicious file

Today Avast popped up a message that a file named gendel32.exe (DOS) is infected Win32:Trojan-gen. {Delphi}

This file has been sitting in my C:// for ages. I thought it was an XP core file so I didn’t mess with it. Do you have such a file in your C: (right at the beginning)…?

Jotti viruscan
AntiVir Found SPR/Hcktool.Gende.A
ArcaVir Found Virtool.Gendel.A
Avast Found Win32:Trojan-gen. {Delphi}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found VirTool.Gendel.A
Dr.Web Found not a virus Tool.Gendel
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/Generic.8315
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

I don’t have such a file :wink:

There are very few system files that sit in the C:\ folder and that isn’t one of them.

Your friend Google knows: a search for ‘Gendel32.exe’ without the quotes basically confirms the results on Jotti. It’s bad, so move it to the chest.

I don’t have it either.

I also had this file for a long time and recently Avast popped up with the same message as the initial poster has. I moved it to the chest.

But “my friend Google” doesn’t seem to know what this is, exactly. Couldn’t find any trustworthy information on this.

Would be very interesting to know how it got into my system.

Restore it to a floppy or USB drive and test it against Jotti or Virus Total.
Let us know the results, i.e., whether or not it is a false positive.

Seems I’m getting the same results as the initial poster. I kind of remember I searched for info on this file earlier but now I can’t for the life of me find any conclusive information. I’m on the verge of trying to do my own analysis of it using VMware and Sysinternals tools but I was hoping someone here would know what it is …

File: gendel32.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5 35bc2808ed08326dac79dc41cdf3d61c
Packers detected:

Scanner results
AntiVir Found SPR/Hcktool.Gende.A
ArcaVir Found Virtool.Gendel.A
Avast Found Win32:Trojan-gen. {Delphi}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found VirTool.Gendel.A
Dr.Web Found not a virus Tool.Gendel
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/Generic.8315
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

I found a description of it … in German, which I don’t understand :stuck_out_tongue:

http://www.viruslist.com/de/viruses/encyclopedia?virusid=63636

Then try your friend http://babelfish.altavista.com/ and translate the URL rather than paste what you want translated.

Or edit the URL and change /de/ to /en/ (English). I tried this and it worked. Interestingly, there are differences between what is on the German page translated to English and what is on the English page (no description).

In any case, the file, if moved to the chest, will do no harm. Rather than delete it, leave the file in the chest for a week or two (it can do no harm from there) to ensure there is no adverse effect from it being moved to the chest. Then scan the file again in the chest to ensure it is still detected as infected, and if so, delete it from the chest.