Win32:Trojan-gen.vb

Could use some help fixing this one, seems to be a good hider! Run WIN98, avast w/lastest updates/resident scanner/shield/email and spybot. Getting recent notices that a file called

c:\windows\system\updater.exe is Win32:Trojan-gen.vb infected.

Delete it and it just comes back. Safe boot scan with avast comes up empty as does a spybot scan. I see from some previous dealings on this forum that I errored when I tried the online scanner to ID the bug in that I did not stop the avast resident scanners, so I can try this again when I get back to my home PC. Any other advice? Thanks in advance…

see if trend will dig it up. Post the name of the trojan trend finds. I can look up the specific removal instructions then. Http://housecall.trendmicro.com

Thanks! Will try this later today, and report what I find…

Hmmm, trend did not find anything either. I would say it’s a false positive but the suspect file keeps reappearing after deleting it?!?

can you sent a copy to the alwil team?

Ok, I Zipped/pwd a copy and send it to alwil. Thanks!

Looking through forum again and found/used KAV, ID’d the bug as

updater.exe Infected: Trojan.Win32.Wingor

Searching for info now, but advise still welcomed…

Investigating further… found this in registry

C:\WINDOWS\SYSTEM\winregsrv.exe

when I look at the properties, the internal name is

synrg.exe

Searching on this filename turns up a number of hits on various worms, so I think this is the culprit.

I removed that reg entry and the trojan updater.exe, all seems well now after reboot. Cross my fingers but I think that was the worm/virus and it’s dead! Thanks again for your help.