Win32: Trojan-gen help me I'm clueless

I installed avast and did the scan and it came up with the virus Win32: Trojan-gen. Name of file is: C:\Windows\System32\enflib.dll. I am using Windows Vista. Not to make myself look bad but I am a girl and though I am an average computer user when it comes to this I am clueless and I need this explained to me in simple English. I need to know what to do to get rid of this virus, step by step. Thanks to anyone who can help me!!!

[font=segoe ui] Win32:Trojan-gen means a Windows 32 bit trojan detected by generic signatures.

Are you using the beta, specifically avast 5? For the meantime, let the file stay in the chest and proceed to further scanning.

Malwarebytes Antimalware (MBAM) ============

1 Download Malwarebyes’ Antimalware here
2 Proceed to installing MBAM after downloading
3 On the last dialog box, do not forget to leave Update Malwarebytes’ Antimalware and Run Malwarebytes’ Antimalware checked
4 Malwabytes’ Antimalware GUI would appear, from there select Perform Quick Scan and click Scan
5 When scan is completed, click Show Results
6 Click Remove Selected and then, a notepad file will appear.
7 On the notepad window, click File > Save As and save it on your desktop. You may now close MBAM.
8 Go back here and attach the .txt file on your next reply by clicking Aditional Options… in the reply window

I downloaded the 4.8 home version just yesterday. I followed your instructions and have the attached file. Hope this helps! Let me know what to do next. Thanks so much!

Hi valleycem,

The file you mentioned is part of a vundo infection - also consider this cleansing routine for the programs and tools used - mark your situation can be quite different than the victim in the example cleansing routine:
http://www.atribune.org/forums/lofiversion/index.php?t4016.html
Also consider the info here: http://www.prevx.com/filenames/3229523333808601654-X1/ESUBX.EXE.html

polonus

Ok that last reply didn’t help. I need to know what to do to fix this infection or whatever it is. Step by step, what to do. Also, is this something that can cause my laptop to shut off by itself? It has been doing that lately. Please help me to get this resolved!!

Okay,First lets run a few more scanners to see what and if they return any results.

Please bear with me as I try and guide you through the steps, I’m on windows 7 64-bit so I don’t have it installed. This is all by memory.

1.Download Super Anti-Spyware Free Edition at : http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

2.Install it

3.After the Installation it should provide you with the option to “update now” and then “launch super anti-spyware”. If it does not go ahead and Launch it and then at the bottom right of the SAS(Super anti spyware) menu click update database.

  1. After the Update go ahead and click “Scan now”

  2. Select “Full” scan.

  3. Post back here with the results.

If that doesn’t find anything we will try a few more scanners to confirm you are clean. As for the PC randomly shutting off, Have you experienced this problem prior to getting this virus? If so it could be because of over-heating or bad memory.

EDIT I would like to add that you need to run another avast scan. (Whether you do it before or after the Super anti spyware stuff doesn’t matter.)

1.Make sure avast is up to-date(you can check by right clicking the “a” and click “updating” and select “program update”.

2.Launch avast (right click the bull “a” and click Start avast! Antivirus)

3.UAC(User account control) will notify you that avast needs permission to execute. this is normal. click “yes”

4.If you are use the default avast “skin” (the media player) then click the “drive” looking icon to the right. it should be on the top one.

5.Select “thorough” and make sure “scan archives” is checked.

6.Scan removable media is not needed if you don’t have any cd’s in your drive.

  1. Select the “folder” looking icon.

  2. Check “Computer” This way it scans your entire PC and click “ok”

  3. Start the scan and report back here with the findings.

Thanks for the reply! I will try your suggestions. I also installed Malwarebytes by someone’s suggestion and the items it put in the quarantine I deleted. I scanned again and it didn’t find anything. I also scanned again the quick scan with Avast and it did not find any infected files. So am I good? I am scared something is still hiding in there.

As for my laptop shutting off, I am not sure how long I have had this virus, so hard to say if it was shutting off before that. It is only a little over a year old I am not sure why it would be overheating or something like that.

I probably will not be able to assist you with the PC shutting off, if the scanners provided in this topic do not find anything. Sorry about that,but hopefully someone else can.

As for doing the quick scan, It is recommended to do a thorough scan,as it checks very deeply for stuff that may be hiding. It’s something I recommend doing. It may take longer but it’s best to be rest assured that you are good to go.

When I find myself in question of a virus being on my system I use all of the scanners provided above including a few on-line scanners, such as Eset’s Nod32 online scan at http://www.eset.com/onlinescan/ , Kaspersky’s online scan (Which is currently being rebuilt it seems) at http://usa.kaspersky.com/downloads/free-virus-scanner.php , and sometimes I use McAfee’s online scan at http://home.mcafee.com/downloads/freescan.aspx?cid=60447 (usually not all at once).

As well as doing the thorough scan of avast (with archives checked and scanning my entire PC) and then doing a boot-time scan with avast.I know it seems like a lot but I only do it when I have a very good reason to believe something is on my pc and to CONFIRM that I am clean.Mind you, I am NOT using more than one antivirus application as they can conflict if both are using Real-Time scanning methods.

My methodology is quite long and time consuming but I can safely tell you I am by far from being infected.

If you would like to run an boot-time scan of avast (which scans your PC after it has been restarted or shut off or what have you), and you have not already done so you may follow the these steps :

1.Right click the avast icon or the “a” in the system tray

2.click Start avast! Antivirus

3.After the memory scan click the “eject” like button at the top left

4.select schedule boot-time scan.

  1. in the “advanced” section you may select to scan for “archived” files and folders.(.rar , .zip etc,)

I hope this is not too much of an overload. You by no means have to do any of this (in this post at-least, I still think you should do the ones in my first post though :D). This is just a general run down,in detail mind you, of the steps I take to check my system with reason of believing I am infected.

Hi Valley,

To make sure your system was really good enough, i reference you to download HijackThis Tool to scan your system and then you can posting to: hijackthis.de

In there, you can see the analyze report displayed to define is there still others nasty application nested on your system

Hijack This! is for more advanced users and can cause more harm to your PC if you don’t know what you are doing. If you decide to try what Yanto Chiang advised you can always upload the Hijack This! log here for us to take a look at…As it is not advisable for you to change anything with Hijack This! if you don’t know what is good and what is bad.

Hijack This! may be of help to us in determining if you have other baddies hiding.If you download and run Hijack This! you can click “run and save a log” and upload it here so myself and others can help you with it’s findings.

P.S. In my experience when posting the Hijack This! log it took a great deal of time to get a response from the hijackthis.de website.

Hi Valley,

I agree with DarkLegend mentioned that if you are not able to know which one is the right or bad one in your system to fixed it.
Then you could post the result of hijackthis test, and then we could help you to suggest what is the right file need to fixed.