Win32:Trojan-gen. {Other}

My daughter's laptop has recently started having an avast popup which continuously pops up. Selecting any of the options, i.e., move, delete, repair, etc., has no effect. Even running the boot time scan has no effect. After restarting, the popup continuously comes up. Between the asterisks are the contents of the popup message.

I am close to having her gwscan, and reload her system… any help to correct this issue prior to the final wipe is appreciated.

Jadrian


A VIRUS WAS FOUND!
There is no reason to panic, though. Try to follow the given advice and links. If your computer is part of a network, unplug the network cable to avoid further spreading of the infection.

File name: C://WINDOWS/system32/vturp.dll
Malware name: Win32:Trojan-gen. {Other}
Malware type: Virus/Worm
VPS version: 0603-1, 01/16/2006

available actions
-move/rename
-delete
-repair
-move to chest
recommended action: move to chest

processing
-no action note: if you press the “no action” button, the malware will not be activated

then you can click on


I suggest:
Update the virus database (VPS) and scan your computer again. If you get any infection, then run a boot-time scan (schedule it and boot).

Virus database was updated automatically as configured and manually updated and says there are no updates available. So it is on latest VPS.

And like I said, running the boot time scan does not work because after the scan, when the computer restarts in normal mode, the popup still comes up. I have also disabled system restore, run the scan after restarting, restarted in safe mode, ran the scan, even ran another boot time scan when restarting from safe mode. When the computer starts in normal mode, that popup still comes up.

The reason it can’t be dealt with is because it is in use; that is why a boot-time scan should be able to deal with it. So I’m a little surprised it didn’t deal with it. Did it detect it during the boot-time scan, and what action did you/avast take?

There may, however, be other elements that restore it even after being dealt with.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes; this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast). If you need any help with any of the analysis, let us know.

Download this and try that also: Ewido Security Suite if using winXP, or a-Squared free if using win98/ME.

It did detect it during the boot time scan, selected repair, which failed, then selected delete, which failed (there is another program using the file) which is strange since file should not be loaded yet by windows.

Methinks some clever malware can start itself even before a boot time scan, either by injecting itself into a Windows process, or by starting as a service.

Am I wrong?

Ok… so when in doubt start over… I started up in safe mode, ran avast, found the infected file but wouldn’t remove to chest, repair or delete, made sure sys restore was still off and set boot time scan, found the file, told it to delete file, finally did it, no other infections found during scan, after windoze startup re-ran avast scan, no infection… Yea!!!

Re-started computer, re-scanned, no infection, and no vturp.dll file in system32 but no adverse effects from deleting that file yet either. No idea why it didn’t do that the first 3 times I attempted the same thing…

Thanks :)

Perseverance pays off in the end. Ewido is worth downloading if you haven’t already done so. It gives a trial period which allows full unrestricted use and then reverts to the free non-resident version if you don’t buy; it works well with avast.

Welcome to the forums.