Trojan win32.mal.gen!a

system · November 3, 2011, 4:22pm

Can Avast detect & remove this malware? Thanks!

polonus · November 3, 2011, 4:33pm

Hi ragweed,

Avast should detect this malware as Win32:Dropper-gen [Drp],

polonus

Pondus · November 3, 2011, 4:35pm

Like this you mean
http://www.virustotal.com/file-scan/report.html?id=549a1a6b823d98f5b30069ff21ebf78ed377256c7fcbeb57e247356e523019ff-1318357549
http://www.virustotal.com/file-scan/report.html?id=19402581e96bedf9ee0c358b3a907191a8fbcfeee6675a1cecd0792202f930c0-1317373856

unless you have a sample it is impossible to say exact…do you have it?
where did you get the name from ?..W32.malware.gen is a very general name

polonus · November 3, 2011, 4:47pm

Hi Pondus,

But this a file infector variant, malware in the realm of virut. We recently have seen a victim wrestling with a grim file infector and had to use frree DrWebCureIt to bring a bit more stability to the cleansing process as this scanner sort of freezes the machine during the scan taking place. Detecting malware is one thing, securely cleansing a machine from it quite something else,

polonus

Pondus · November 3, 2011, 5:06pm

Hi Polonus

i think almost all vendors is using the Virut name when they detect virut…exept avast that call it Vitro

so why do you say this Trojan win32.mal.gen!a is Virut ?

polonus · November 3, 2011, 6:43pm

Hi Pondus,

It is the mal/behav equivalent that points to a file infector, e.g. virut.gen O.
These are all generic video codec packer cracker detections. But without a MD5 hash or a complete sandbox virus analysis, it is just a good guess, based on experiencem

polonus

Trojan win32.mal.gen!a

Announcements