Win32:Trojan-gen. {Other}

I first had Norton Internet Security with Norton Antivirus installed on my computer (Windows XP). Norton Antivirus did not find any viruses on my computer. I removed Norton Antivirus (not Norton Internet Security) and installed Avast Home Edition on my computer. Avast found the virus “Win32:Trojan-gen. {Other}” in some files on my computer.

When I checked other forums, I discovered that a lot of people have found a trojan virus on their computer after installing Avast. They also said that before installing Avast they checked their computer with another antivirus and it didn’t find anything. Could it be that this virus is included in the Avast installation?

All infected files have the same file length (= 57856 bytes). Some of these files have the extension .EXE, the others have the extension .CLASS. The infected files are all new files that I have never installed on my computer.

I first did a normal scan. It found some EXE files infected. A few days later I did a thorough scan and then it found some CLASS files and other EXE files infected.

Where can I find information on this virus? Avast only said that it is a virus but it refuses to give me any information on it. Does Avast have a description list of all the viruses that it can detect? I have scanned the infected file with the Panda free online scanner to get information on it, but it didn’t detect the virus.

What is the best Avast configuration for this virus?

If I set the Avast Standard Shield to “Normal”, will it also check the .CLASS files?

The Avast Screensaver updates the VRDB database. Does this screensaver also do a virus scan?

When you run the Avast Screensaver and enable “name extensions (fast)” and “Scan default extensions”, does it then also check the .CLASS files by default?

Unfortunately, the Avast team are WAY too lazy to assign the proper names to each detected virus/trojan :stuck_out_tongue: So if you want to find out whether your file is indeed infected by a virus/trojan, and especially the correct name for it, try the free online scanners; good ones are
http://avp.ru/remoteviruschk.html
and
http://www.ravantivirus.com/scan/indexie.php

I have the same problem…

When I boot and go to the main screen of Windows XP I get a flashing warning saying I have a virus in the c:\windows\TVTMD.exe file.

I cannot delete it, repair it, move it, nothing! Neither from the virus warning box nor manually myself…

I then chose an option that scanned my computer after shutting it down and booting again. It found 6 files that were infected, but not the above-mentioned file… I tried to repair 1 of the infected files but could not, so I had to press delete for the files…

Below is a cut and paste of the log file:

08/09/2003 22:51
Scan of all local drives

File C:\WINDOWS\SYSTEM32\aupdate.exe is infected by Win32:Trojan-gen. {Other} - Repair: Error 42060, Deleted

Scanning aborted

Number of searched folders: 564
Number of tested files: 13112
Number of infected files: 1


25/10/2003 22:21
Scan of all local drives

File C:\Documents and Settings\Jason Barone\Local Settings\Temp\ICD1.tmp\ie_plugin.exe is infected by Win32:Trojan-gen. {Other} - Deleted
File C:\System Volume Information\_restore{42976059-93BC-4DF1-BFDA-EE11E9F942E2}\RP68\A0029134.exe is infected by Win32:Trojan-gen. {Other} - Repair: Error 42060, Deleted
File C:\System Volume Information\_restore{42976059-93BC-4DF1-BFDA-EE11E9F942E2}\RP76\A0030031.exe is infected by Win32:Trojan-gen. {UPX!} - Deleted
File C:\System Volume Information\_restore{42976059-93BC-4DF1-BFDA-EE11E9F942E2}\RP76\A0030083.EXE is infected by Win32:Trojan-gen. {UPX!} - Deleted
File C:\System Volume Information\_restore{42976059-93BC-4DF1-BFDA-EE11E9F942E2}\RP77\A0030124.EXE is infected by Win32:Trojan-gen. {UPX!} - Deleted
File C:\System Volume Information\_restore{42976059-93BC-4DF1-BFDA-EE11E9F942E2}\RP77\A0030163.exe is infected by Win32:Trojan-gen. {UPX!} - Deleted

Number of searched folders: 1900
Number of tested files: 53379
Number of infected files: 6

The file in \windows mentioned above is not mentioned, but???

My computer has not acted any differently up until now. Today I logged into my main Hotmail account and could not delete any emails; I got a warning box popping up saying I must first select the emails before I press delete (even though several were ticked by me to be erased). Is this a thing the virus is known to do? Or do I now have more problems on my hands? PS: another Hotmail account I tried works fine…

Please help!!! any ideas???

Thanx
Jason :slight_smile: :slight_smile:

PS: that Panda thingo that scans your comp didn’t find a thing…
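An added example, not part of the original posts: Python that parses detection lines in the format of the log pasted above and groups them by location, so it is visible when most hits are copies held inside System Restore points. The sample lines are constructed (user name and GUID are placeholders), and the location buckets are this example's own assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above; user and GUID are placeholders.
SAMPLE_LOG = r"""25/10/2003 22:21
Scan of all local drives

File C:\Documents and Settings\user\Local Settings\Temp\ICD1.tmp\ie_plugin.exe is infected by Win32:Trojan-gen. {Other} - Deleted
File C:\System Volume Information\_restore{GUID}\RP68\A0029134.exe is infected by Win32:Trojan-gen. {Other} - Repair: Error 42060, Deleted
File C:\System Volume Information\_restore{GUID}\RP76\A0030031.exe is infected by Win32:Trojan-gen. {UPX!} - Deleted

Number of infected files: 3
"""

LINE_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>.+?) - (?P<action>.+)$", re.M)
COUNT_RE = re.compile(r"^Number of infected files: (\d+)$", re.M)

def classify(path):
    """Rough location bucket (categories are this example's assumption)."""
    p = path.lower()
    if "system volume information" in p:
        return "restore point"   # snapshot copy kept by System Restore
    if "\\temp\\" in p or "temporary internet files" in p:
        return "temp/cache"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "other"

def parse_log(text):
    """Return (detections, infected-file count reported by the scanner)."""
    hits = [m.groupdict() for m in LINE_RE.finditer(text)]
    for h in hits:
        h["location"] = classify(h["path"])
        h["repair_failed"] = "Repair: Error" in h["action"]
    m = COUNT_RE.search(text)
    return hits, (int(m.group(1)) if m else None)

def summarize(text):
    hits, reported = parse_log(text)
    return {
        "by_location": Counter(h["location"] for h in hits),
        "by_name": Counter(h["name"] for h in hits),
        "count_matches": reported == len(hits),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Hits in the "restore point" bucket are snapshot copies of files that were already on disk earlier, not new infections, which is why they reappear until the restore points are cleared.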

Did you check the files with one of the sites nobody mentioned? What do they report? It could also be spyware. So you may try Spybot. Maybe a HijackThis log is interesting too.

I would try out the site called Trend Micro. It helped me a lot, but be careful, it could delete some file you may need. But it does work.

If you want to do an online scan, choose one of these:

http://www.mcafee.com/myapps/mfs/default.asp
http://www.ravantivirus.com/scan/indexscan.php?

I have run the following online antivirus scanners on the files infected with Win32:Trojan-gen. {other}:

  • Kaspersky antivirus
  • RAV antivirus
  • McAfee antivirus

Kaspersky and RAV didn’t find anything. McAfee is still busy scanning. (With McAfee you don’t have the option to scan only one file, so I am waiting until it has finished scanning.)

In my previous mail I said that I executed the Panda online antivirus and that it didn’t find anything. After running the Panda online antivirus on my computer, Avast found the following infected files on my computer (excluding Win32:Trojan-gen. {other}):

  • c:\windows\system32\activescan\pav.sig
    size=4282585 bytes
    (infected with Win95:Matyas)

  • c:\windows\system32\pav.sig
    size=4282585 bytes
    (infected with Win95:Matyas)

  • c:\windows\system32\activescan\imscan.dll
    size 1265664 bytes
    (infected with Win32:Kuang2)

  • c:\system volume information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP89\A0005999.dll
    size 1265664 bytes
    (infected with Win32:Kuang2)

Are these false alarms?
The RAV online antivirus doesn’t detect a virus in these files.

McAfee just finished doing a complete scan of my hard disk. It found no viruses.

Then it is time to test Spybot. A little Google search gives you some links related to spyware.

Yes - as said multiple times on this forum - the files left from Panda tools are false alarms. Panda stores the virus signatures in plaintext (unencrypted) form - therefore other antivirus programs report them as infected.

Hi,

I have the same report in
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavdll.dll {Win32:Kuang2} ??
in
C:\Program Files\Panda Software\Panda Antivirus Platinum\Sdisk2.img\sdisk2 {Win32:Kuang2}??
in
C:\Program Files\Panda Software\Panda Antivirus Platinum\pav.sig {Win95:Matyas} ??
in
C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavcl.com[UPX] {Win32:Nimda [Drp]} ??
and Avast does not repair them when we ask it to??

So is it a false alarm?? ??? Because all other antivirus programs don’t find anything :slight_smile:

Thanks for the answer, and so sorry for the bad English :-[

I ran Spybot. It didn’t detect the infected files. Instead it found some spyware cookies and registry entries that had been installed when trying to access pay sites. I removed them.

The Spybot scan is very fast compared to an antivirus scan. It seems to me a little bit too fast (95 seconds for 10 gigabytes of data). Does it really scan all the files on the hard disk? I have put an infected file in the move folder of Avast, but how can I be sure that it scanned this file?

No, it only seems to scan registry-related links and other “spyware-sensitive” areas like cookies, the Windows folder and so on.

I have put all the viruses in the chest. But now Avast finds some new infected files:

  • c:\system volume information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP89\A0006033.dll
    size 1265664 bytes
    (infected with Win32:Kuang2)

  • c:\system volume information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP89\A0006032.exe
    size 57856 bytes
    (infected with Win32:Trojan-gen {other})

I didn’t reuse the Panda online antivirus. So why is there a new file infected with Win32:Kuang2?

It seems that Win32:Kuang2 and Win32:Trojan-gen {other} have become good friends because they both infected a file in the same directory.

to get rid of these look here:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

I disabled the system restore.

I have another question about the “{Other}” in Win32:Trojan-gen{Other}. Does this “{Other}” mean that it is a new unknown trojan found by heuristic scan and that all the new unknown trojans are classed under this name?

This could explain why other anti-viruses can not detect this trojan, because it is a new one.

No, it is not a heuristic, more a generic detection. Maybe one of the Avast guys can explain it in a bit more detail.

The problem is that it sometimes produces false alarms, and you are only able to find out by scanning that file with another scanner or by sending the file to Avast.

In your case I would tend towards a false alarm.

BTW: You should enable your System Restore. If you use Windows Me you need a patch to enable it again, if you haven’t patched it already.

You said that it is a false alarm. The strange thing is that all the infected files have the same file length. I compared the EXE files to each other with the DOS command “fc /b”. They are all the same.

Between the infected EXE-files and infected CLASS-files there is a difference of two bytes.

All the infected files were located in cache and temp folders. The cache and temp folders look to me like the best place for a trojan to hide.

Infected filenames:
Dc61.exe
Dc386.exe
99950062.exe
SecurityClassLoader.class-35b3d2a5-23a8bb2e.class
SecurityClassLoader.class-35b3d2a5-606607aa.class
SecurityClassLoader.class-35b3d2a5-6b11255e.class
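An added example, not part of the original post: the comparison described above (same length, byte-identical EXE files, a two-byte difference to the CLASS files) done in Python with SHA-256 grouping and an `fc /b`-style offset diff. The file contents and the two differing offsets are constructed stand-ins; only the file names and the 57856-byte length come from the post.

```python
import hashlib
from collections import defaultdict

def group_identical(files):
    """Group file names whose content is byte-identical (same SHA-256)."""
    groups = defaultdict(list)
    for name, data in files.items():
        groups[hashlib.sha256(data).hexdigest()].append(name)
    return sorted(sorted(names) for names in groups.values())

def diff_offsets(a, b):
    """Offsets at which two equal-length byte strings differ (like `fc /b`)."""
    if len(a) != len(b):
        raise ValueError("sizes differ; compare lengths before diffing")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def read_files(paths):
    """Load real files from disk into the {name: bytes} shape used above."""
    out = {}
    for p in paths:
        with open(p, "rb") as fh:
            out[p] = fh.read()
    return out

# Constructed stand-in content: 57856 bytes, as reported in the post.
SIZE = 57856
_base = bytes(i % 251 for i in range(SIZE))
_variant = bytearray(_base)
_variant[0x10] ^= 0xFF    # assumed offsets; the post does not say
_variant[0x200] ^= 0xFF   # which two bytes actually differ
SAMPLES = {
    "Dc61.exe": _base,
    "Dc386.exe": _base,
    "99950062.exe": _base,
    "SecurityClassLoader.class-35b3d2a5-23a8bb2e.class": bytes(_variant),
}

if __name__ == "__main__":
    for group in group_identical(SAMPLES):
        print(len(group), "identical:", group)
    cls = "SecurityClassLoader.class-35b3d2a5-23a8bb2e.class"
    print("differing offsets:", diff_offsets(SAMPLES["Dc61.exe"], SAMPLES[cls]))
```

Files that land in one hash group are a single sample under different names, so one copy per group is enough when submitting to a vendor or a second scanner.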

I said I would tend to say it is a false alarm, but you could send one to virus@asw.cz to be sure.

I’m having the same issues with this virus. I used Norton at first and switched to Avast. Norton never detected any Win32 trojan.gen, but Avast did. Anyhow, I quarantined it (put into virus chest) … Yesterday, my internet just started doing its own thing. It went from yahoo to Google, then to a porn site, and it kept on just going to different sites so I clicked out of the internet because I assumed I was hacked. I checked my program files that were running and saw a suspicious JPG.exe … Anyhow, I ended that program and did a thorough virus scan again. It picked up the Win32 trojan.gen, 5 times. They’re all in the C:\Restore\Archive folder. I’m guessing the virus spread? Isn’t it supposed to not be able to spread if it’s been moved to the virus chest?

Another thing, I did an online scan with trend micro and panda which picked up NOTHING.

What the heck is going on? Should I just get rid of Avast and download something else? This is freaking me out and if it’s not doing its job, I need an antivirus program that will. I take online college classes and can’t afford to be without a computer.

Sorry, I’m just really frustrated. :frowning:

Also, in the custom settings, under Advanced … it says “Here you can modify the list of locations that will not be scanned and/or tested. (Global exclusions are not appended)” … Anyhow, in there it has MSDOS.SYS and some other stuff. Shouldn’t those be scanned too???

I’m so confused.

Thanks!