Win32:Trojan-gen. {Other} and "Win32:Spyware-gen. [Trj]"

Greetings!

I’ve got a problem…

Yesterday I made a complete scan with Avast!, and it found some viruses (It said: “Avast! encontrou um Cavalo-de-tróia”, which, I’m not sure, but I think is the same as trojan), but couldn’t move/delete them.

They were inside my Outlook mail file. I remember receiving some strange mail, but I opened none. I recall this “Babylon something” in the subject of the email, but I think I didn’t even click on it.

The viruses were all inside babylon.exe, which was inside this folder called “Unknown”. I looked the best I could, but found no such folder.

My email file is very important to me, so I’m looking for a solution to delete them without risking the file itself.

I have an updated version of Zone Alarm.

I made an internet scan with Panda, and scanned with a-squared anti-malware, and they both found nothing in those files. But Avast! accuses viruses every time I use it to scan. Maybe it is the only one able to uncompress the Outlook email file.

This is the log:

4320 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll” file.

4320 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe\cd_load.exe” file.

4320 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe_adB2C2.dll” file.

296 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll” file.

2560 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll” file.

2664 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Documents and Settings\EF-Escritório\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst\Pastas Particulares\Início de Pastas Particulares\Inbox\via-rs\Edgar\edgar-post\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll” file.

Thank you.

Can’t you delete the emails into your Outlook?
You can configure avast (for the future) to send the email to a particular folder and then you won’t mess your inbox.
What happens when you open Outlook?

Well, I would assume that you have tried a manual search of the .pst file from Outlook?

The Unknown, I would assume is a sub-folder within the Inbox, if you are looking on your Hard Drive you won’t find it. I would suggest trying a search for an email with the attachment babylon31.exe.
Or enter Outlook and look in each folder in turn, sort the email in order of those with attachments and see if you can find it manually. Whichever method you use, manually delete the email and then clear the deleted email folder. If there is a means of compressing the folders you should do that, as this will clear deleted emails completely and not just remove the reference to the email.

Sorry if this isn’t too clear I don’t use Outlook (only OE).

You could also possibly change your Outlook/Exchange settings ‘Customize’ so that avast doesn’t scan archived messages on open, see image (that won’t scan all your read emails when you open an email folder and probably speed things up).
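Added example, not part of the original thread: a small parser for avast! log lines in the format quoted above. It separates the file that actually exists on disk (here the .pst) from the path inside it, which is why "Unknown" cannot be found on the hard drive. The sample lines are constructed with shortened paths, and the list of container extensions is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in this thread (paths shortened).
SAMPLE_LOG = r'''
4320 Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\Mail\Outlook.pst\Inbox\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll" file.
296 Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\Mail\Outlook.pst\Inbox\Unknown\babylon31.exe\cd_install_167.exe\cd_clint.dll" file.
4320 Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\Mail\Outlook.pst\Inbox\Unknown\babylon31.exe\cd_install_167.exe\cd_load.exe" file.
Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.
'''

# Optional leading number, then signature and path in straight or curly quotes.
LINE_RE = re.compile(
    r'^(?:\d+\s+)?Sign of ["“](?P<sig>.+?)["”] has been found in '
    r'["“](?P<path>.+?)["”] file\.$')

# Assumption: extensions the scanner may unpack and descend into.
CONTAINER_EXT = ('.pst', '.exe', '.zip')

def split_container(path):
    """Split at the first container: (file on disk, components inside it)."""
    parts = path.split('\\')
    for i, part in enumerate(parts[:-1]):  # the last component is the hit itself
        if part.lower().endswith(CONTAINER_EXT):
            return '\\'.join(parts[:i + 1]), parts[i + 1:]
    return path, []  # plain file on disk, nothing nested

def summarize(log_text):
    """Map each on-disk file to its sorted, de-duplicated detections."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        disk_file, inner = split_container(m['path'])
        found[disk_file].add((m['sig'], '\\'.join(inner)))
    return {f: sorted(hits) for f, hits in found.items()}

if __name__ == '__main__':
    for disk_file, hits in summarize(SAMPLE_LOG).items():
        print(disk_file)
        for sig, inner in hits:
            print(f'  {sig}: {inner or "(the file itself)"}')
```

Repeated lines that differ only in the leading number collapse into one entry, so the summary shows how many distinct items are flagged inside the mailbox.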

Hi Tech

I can’t delete the e-mail in Outlook, I couldn’t find this folder called “Unknown”.

Hi DavidR

I looked for the file inside Outlook, and I really couldn’t find it :confused:

Thanks for the tip.

EdmondF, do you have any backup of the *.pst file?
Please, before losing your mail, Google extract mail from pst files.
You’ll find some info, I hope:
http://support.gfi.com/manuals/en/mar3/mar3manual-1-42.html
http://www.mailnavigator.com/mailbox_reader.html
http://www.massreach.com/buy/eml-plugins.htm

Tech and DavidR, thanks for the trouble, the virus is gone, I was able to find the mail.

I started wondering if this Unknown could be an e-mail, not a folder. There was no e-mail titled unknown though.

I made a new folder (edgar-post2), and copied everything from the infected folder (edgar-post) but e-mails with attachments into it (thanks to DavidR tip).

I did the test again, and it found virus in the old folder, as expected. I created many folders inside the infected one, and divided the e-mails left in edgar-post equally between them.

Avast! then accused viruses in the main one (I left some e-mails there). I passed all the other e-mails to the other folder, and there were 20 e-mails left. I was ready to begin dividing them into groups again, when I clicked the second e-mail, and avast! made a virus warning. I deleted it, and now I understand: “Unknown” meant “No subject”.

As I was writing this post, another virus was found. There was no problem moving it to quarantine. Hope it doesn’t have anything to do with the e-mail virus.

I would’ve surely used your advice, Tech. :slight_smile:

The log of this just found worm is:

Sign of “Win32:CTX” has been found in “C:\WINDOWS\system32\ActiveScan\pskavs.dll” file.

I don’t need any help right now with this one, just thought it’d be good to post anyway.

Anything else, I’ll ask here. :slight_smile:

Thank you both for the trouble.

Ok, I’m glad you have found and disposed of the virus in the .pst without too much trouble and you have learnt a useful lesson should you ever need it again.

Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.
This is caused by the Panda on-line virus scanner placing unencrypted virus signatures in your system folder (in my mind totally inexcusable placing this junk in the system folders).

Personally I would delete the complete ActiveScan folder and its contents and use another on-line scanner if required. On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Before you delete the ActiveScan folder you will need to disable system restore and reboot, otherwise Windows will make a restore point of what you delete from the system folders (this is what I hate about Panda placing this cr*p in the system folders). Once deleted, enable system restore and reboot.

Welcome to the forums.

Ok. Welcome to avast forums 8)

I got a problem
I’ve found a trojan on my computer
the type is: “Win32:Spyware-gen. [Trj]”
How can I delete it???
Thanks

Hi matelito,

Please start your own thread- click on new topic- it’s easier to help you that way.

If you could also post the name and location of the malware detected, that would help. For example:

Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NS2UH6IL\sysray[1].exe\bpkwb.dll" file.

Look in the avast! log to find this.

I have no right on my desktop folders after putting some files in the folder it has changed by the name of file application (.exe) with the location of C:\Users\meseret\ Desktop I have no right to change or to delete and I was trying but not able to fix the problem with pc safe doctor and found "Trojan win 32 366233775" with the path of "C:\program file\microsoft \microsoftsafety.exe". I was also trying to scan with avast free but it was terminating and brings bluish screen 2 times and also trying by booting scanning on the middle my laptop has been very heating and shut down.

Finally, I go to avast support and I used "Rogue killer" and returning my ownership right over my folders while its gives a little bit rest and not cured after 3 days also re taking my right, during the startup time very sluggish from 9-12 minutes and displayed the C program file (.exe) and it becomes gradually hot.

Please who can help me or shared his experience on such giant evils
Thank you
Meseret


Welcome to the forums, Meseret Assefa !

Please start your own topic in order to get help as was suggested to another just above your post.

That way you will get help instead of your need getting buried in a really older posting … 5 years old at that!