win32:trojan-gen {other}

Viruses and worms
1

Avast detected this virus Win32:Trojan-gen. {Other} in this file C:\WINDOWS\help\svchost.exe

I’ve tried moving this virus to chest, deleting the file, repairing it but the result is same. It’ll solve the problem but i’ll get the same warning after a while.

I’ve tried scanning in safe mode but nothing is found. I’ve scanned my PC in normal mode with Ad Aware-SE and Avast and fixed all problems found. But after a minute or so Avast will tell me a virus is found.

I’ve noticed that there are a number of process in windows task manager named svchost.exe and i’ve tried to close them under normal mode. However windows will automatically reboot once i shut down a particular svchost.exe saying that a remote procedure call service terminate unexpectedly.

Please help

2

Hi hjkann,

svchost.exe is a legitimate Windows process, and it can have multiple instances: shut down these and Windows will stop working.

It can also be a malware process, but is a symptom of several different worms: Win32:Trojan-gen. {Other} doesn’t tell us which one.

Have you tried a boot time scan with avast! if supported on your system? (Right click on the scanner screen and select ‘schedule a boot time scan’- set the default action to move to chest if you have a cordless keyboard because it won’t work during the scan.)

If that doesn’t work, I suggest you try Ewido (if you have Windows 2000/XP):

http://www.ewido.net/en/

Also worth a try is DrWeb’s CureIT:

http://download.drweb.com/drweb+cureit/

If your system is badly infected, I’d recommend Trend Micro Sysclean:

If you are not a Trend Micro customer please download the following file.

http://uk.trendmicro-europe.com/enterprise/support/tsc.php

For the TSC package to be effective, you must download and use the latest pattern file. Place the pattern file in the same folder as the Trend Micro System Cleaner Package.

http://uk.trendmicro-europe.com/enterprise/support/pattern.php

svchost.exe may indicate that your system is not up to date and has vulnerabilities: as soon as your computer is clean, visit MS update and download all the critical updates. Also make sure you have a firewall up.

Good luck!

3

Hello FreewheelinFrank

Thanks for the reply! :slight_smile:

As soon as i posted this thread i found an out thread in this forum relating to the same problem that i’ve encounter. It recommended a website where if i do a HighjackThis and send in my report, they might be able to analyze what my problem is.

I did what was suggested on the site and sure enough the virus seems to be gone for good!

Thanks for the suggestion and yes i’ll need to update my windows! :wink:

4

Welcome to the forums, hjkann. :slight_smile:

It is good that your problem is solved.

Please come back often, learn more, and maybe help others. :slight_smile:

5

My solution involved booting in Safe Mode with Command Prompt. I then changed directories to c:\windows\system32 and deleted the file “dfrgsrv.exe” and my problem was solved.

6

Welcome to the forums, kycyberdad. :slight_smile:

Thank you for posting more info on solving this problem.

Please come back often, learn more, and maybe help others some more. :wink: