Win32:trojan-gen {Other} detected - need assistance with removal

This has been detected on my system. Safe mode scans and deletes/moves to chest, whatever, have not fixed the virus. Looking for assistance in removing this annoyance.

Details:

File name: C:\windows\new_drv.sys
Malware Name: Win32:trojan-gen {Other}
Malware Type: Virus/Worm
VPS Version: 080514-0, 5/14/08

Thank you!
basehitter10

Hi:

Always best to get a “2nd Opinion”; do you have any antispyware/antitrojan program(s), such as the FREE version of “SUPERAntiSpyware” from www.superantispyware.com?

I believe this is the real deal, as after the machine has been booted for a while I cannot run Add/Remove Programs etc.

I’ll download and run this, however, and report back.

Thanks!

Well, this is not good. The PC reboots after a while and I am not having any luck installing the program.

Any other guidance? I’d hate to have to reformat.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

So you get not one second opinion but 31 other scanners.

However there are many hits on a google search about the file name, but a file name is no guarantee that it is the same as yours, http://www.google.co.uk/search?q=new_drv.sys, see http://fileinfo.prevx.com/fileinfo.asp?PXC=4f0980313792 and http://www.bleepingcomputer.com/startups/new_drv.sys-16931.html.

Well, I can’t put it on our network here where I work, so an online scan is out. In addition, after the system starts up I get a “services.exe terminated unexpectedly” message and the machine shuts back down anyway. It doesn’t stay booted long enough to really do anything to alleviate the problem so it looks like a reformat.

Thanks to all who replied!

basehitter10

You’re welcome.

Using virus total isn’t an on-line scan as you upload the file to the site and it is scanned by multiple scanners on their site. So there would be no requirement to scan on your work network. The file can also be sent by email, check out the virustotal link for further info.

Welcome to the forums.