This is driving me insane...

Hey, what’s goin on, last night I had my first encounter with any sort of MalWare, and after spending all night trying to figure it out myself without any luck, I decided I would post here as there seem to be quite a few people who actually know what they’re talking about. So like I said, last night I was downloading a program from a pretty shady source (which ironically enough was for an Ad-Ware blocker), when my Avast! VB started going off. Here’s all the info about my system and the trojan itself, if I forgot anything just lemme know:

OS System and updates:

Windows XP Home Edition 2002 w/ service pack 2

Avast! version and VPS file number:

Avast! version VPS 0659-0 (most up to date), Virus database current as well.

Name of the Virus, the filename, and where the trojan was located:

Virus name is Win32:Trojan-gen.{Other}, which affected the file - C:\Documents and Settings\Ben Hutchins\Start Menu\Programs\Startup\win32.exe

After I became infected my computer kept freezing up on me, which could have been a result of the trojan or because I was running 2 different virus scanners (hey, I panicked!) and every time Windows would boot back up I was, and still am, getting prompted to open one of three files (Win32.dll, MSWINSCK.OCX, or SYSINFO.OCX) which are all located in my StartUp directory (located at C:\Documents and Settings\Ben Hutchins\Start Menu\Programs\Startup), which is also where the infected files came from. I’m wondering if the prompts I get after rebooting my computer are the program trying to replicate, but because Windows doesn’t recognize the .OCX or .dll extensions, it’s keeping it contained. What was strange to me was that I received 4 notices for the same Win32 trojan from Avast every time I turned my computer back on. After the 4th time tho, I stopped getting virus warnings, and the virus scans actually came back clean.

So I guess my question is this, what should or can I do about the Win.exe file that is currently quarantined by Avast, do I even need it? Also, what about the 3 files in my Startup folder that keep trying to open up, is there any salvaging them? Or do I need them at all? (actually, after just looking at the properties of each file, I notice that they were all created when I became infected)… strange.

So that’s it I think, if anyone has any suggestions I would greatly appreciate it, and if you need any more information from me just lemme know.

thanks,
Ben

Welcome to the Forum :wink:
Since this is a Generic detection it is possible that this detection is False so you might want to take a look at this:
http://forum.avast.com/index.php?topic=25501.0

Hope it helps

Al968

:slight_smile: Hi Ben :

You have NOT mentioned IF you have run any antiSPYWARE/antiTROJAN program(s) !? Do you have such programs on your computer, which would be more appropriate when trying to "quarantine" a trojan, worm, etc .
After downloading from questionable website ( crack !? ), MIGHT need to run some rootkit detection program(s) !? Have any of those ?
By the way, WHAT "Ad-ware blocker" program were you ATTEMPTING to download ?

Interesting you should mention that, I actually just finished scanning my entire system with AVG, and even restored the infected win32.exe file back into the startup menu, which caused Avast to pop up with a virus warning, but when I ran the file through AVG I got nothing. However something is still definitely wrong, my startup files are still attempting to run when the computer boots up, and whenever I try to click on the win32.exe file my computer freezes up… Anyone have any ideas? The frustration is killing me lol

I just ran AVG which came back just fine, I’ll look into finding a rootkit program… not really sure what it does, but at this point I’ll try anything. Yeah, so it was a crack.exe file from a DL of Spy Sweeper that infected my system initially. When Avast popped up and notified me that it contained a trojan, I just went ahead and deleted it… maybe that was a mistake, but before last night I had absolutely no experience dealing with MalWare…

Restore it from Chest to a floppy or USB drive (if you think you’ll need it back further).
Then uninstall avast.

No, you won’t need them.

Well, are you using AVG and avast at the same time?