Win32:Trojan-gen {other}

Hello there,

Can anyone suggest (in simple language) how I can get rid of this worm?
My computer’s memory is infected, and even if I either delete it or ‘move to chest’ by Avast - it reappears on the next start of the computer.

I have had it for a few days now and every time I scan (by pass scan as required by Avast) I count more ‘restore’ files infected…

Thanks.

What is the filename and location?

Check your warning log text.

C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt

First, this isn’t a worm.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

There is likely to be another hidden/undetected element to the infection that is restoring the file or downloading it again.

If you have XP, Vista 32-bit or Win2k, you could enable a boot-time scan. Right click the avast icon and select Start avast! Antivirus; a memory scan will take place, followed by the opening of the Simple User Interface, then Menu, ‘Schedule boot-time scan…’. Or see http://www.digitalred.com/avast-boot-time.php.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.

  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.

I agree with DavidR. Win32:Trojan-gen {other} is avast’s generic signature that can either lead to false positives or it may be a new type of malware.

Upload the file to VirusTotal and post the results.

Win32:Trojan-gen{other} infects files with extensions .com and .exe

It is hard to say that with any degree of certainty as the generic (the -gen bit) signature by its nature could be almost anything, added to that the {other} suffix goes further into the undefined category.

Generally file infecters are viruses, but again not hard and fast.

That is why the file name and location are very helpful in pinning it down and virustotal should also give some hits on other aliases (what other AVs call it).

Here are the infected files as copied from the warning log:

17/09/2008 18:21:49 1221664909 SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:23:49 1221665029 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebr.dll” file.
17/09/2008 18:24:34 1221665074 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebt.dll” file.
17/09/2008 18:24:34 1221665074 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebtmm.exe” file.
17/09/2008 18:45:51 1221666351 יעקב 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:46:49 1221666409 יעקב 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebtmm.exe” file.

During the secondary scan (what is it called? - blue screen) it also announced that:

C:\system volume information_restore…long list of numbers…is infected (about the same amount of files as above).

Thanks a lot to those who’ve taken the time to reply. I have to learn how to do part of the things you wrote.
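The warning-log entries quoted in the post above can be grouped per file to show which detections keep coming back after the file was deleted or moved to the chest. This is an added example, not part of the original thread: the field layout is inferred only from the quoted lines, the non-SYSTEM account name is replaced by the placeholder `user1`, and the 600-second gap used to separate detection rounds is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the post above; account name replaced by placeholder "user1".
SAMPLE_LOG = r"""
17/09/2008 18:21:49 1221664909 SYSTEM 1308 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Applications\iebt.dll" file.
17/09/2008 18:23:49 1221665029 user1 3760 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\program files\applications\iebr.dll" file.
17/09/2008 18:24:34 1221665074 user1 3760 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\program files\applications\iebt.dll" file.
17/09/2008 18:24:34 1221665074 user1 3760 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\program files\applications\iebtmm.exe" file.
17/09/2008 18:45:51 1221666351 user1 1320 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Applications\iebt.dll" file.
17/09/2008 18:46:49 1221666409 user1 1320 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Applications\iebtmm.exe" file.
""".strip()

# date, time, epoch seconds, account, numeric id (meaning not stated on the page), message.
# Both straight and typographic quotes are accepted around the signature and path.
LINE_RE = re.compile(
    r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (?P<epoch>\d+) (?P<user>.+?) (?P<num>\d+) '
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.$'
)

def parse_detections(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so fold case before grouping.
            hits.append({"epoch": int(m["epoch"]), "user": m["user"],
                         "signature": m["sig"], "path": m["path"].lower()})
    return hits

def recurring_files(hits, gap_seconds=600):
    """Per file: total detections and number of rounds separated by > gap_seconds."""
    by_path = defaultdict(list)
    for h in hits:
        by_path[h["path"]].append(h["epoch"])
    report = {}
    for path, times in by_path.items():
        times.sort()
        rounds = 1 + sum(1 for a, b in zip(times, times[1:]) if b - a > gap_seconds)
        report[path] = {"detections": len(times), "rounds": rounds}
    return report

if __name__ == "__main__":
    for path, info in sorted(recurring_files(parse_detections(SAMPLE_LOG)).items()):
        flag = "re-detected after earlier handling" if info["rounds"] > 1 else "seen once"
        print(f"{path}: {info['detections']} detections, {info['rounds']} rounds ({flag})")
```

A file that shows up in more than one round was detected again after it had already been dealt with, which is the pattern that points to another component restoring or re-downloading it.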


The DLLs you have listed indicate a Zlob infection.

Please wait for someone to instruct you in the removal process.


Castlecops calls iebt.dll Trojan-Downloader.Zlob.Media-Codec.

IEBTMM.EXE is known as Adware.Media-Codec/ZLob.Process

I suggest SuperAntiSpyware Free Version or Malwarebytes’ Anti-Malware.

Thank you all.

However I just ran http://onecare.live.com/site/en-ph/default.htm?mkt=en-ph which was suggested to me by the Israeli help desk of Microsoft, and for the time being I seem to be clean. I’ll see when I restart again.

In case someone doesn’t know this live scanner - this is a free Microsoft product, and it’s helped me for the second time now.

Sorry to have to say this, but it’s one point to Microsoft vs. Avast!

Again, thanks to all those who helped me.

Let’s not lose sight of what alerted you to the problem, and any single program isn’t going to give 100% protection.

So the programs I suggested, SAS and MBAM, you should install as secondary on-demand scanners that you periodically update and run.

If there is any doubt about the system volume information restore points you should clear it out so that in the future if you use system restore you aren’t effectively reinfecting your system. Disable system restore on all drives, reboot, do a scan with avast and the other applications and if clear, enable system restore, that will create a clean restore point.

Well, I just rebooted for the first time after using the http://onecare.live.com/site/en-ph/default.htm?mkt=en-ph and for the first time in about a week I saw no sign of the virus. So, I think (and hope) that the problem is solved.
My knowledge of computers is next to nothing (apart from the use of them), so the last advice is something I don’t know how to do.
I just hope that the way I stand now is final.

Thanks again for all the help and advice.