Win32:Trojan-Gen {VB}

Does anyone know what this is and if it's safe to delete? I have it in 2 locations.

Unfortunately, avast now gives the original location as the avast “moved” folder (it found them in the original location, then moved them to the “moved” folder, then found them in there!?)

One is in a file called mail.exe

The other was in C:\System Volume Information\ (then a load of hex numbers)\RP229\A0026699.exe

Having done a search I can find info on the virus but it has different characters than the VB at the end - can’t find anything on this one

Also, can anyone provide more info on what a decompression bomb is and does?

Found the original location by scouring the logs in the avast program folders

C:\mail.exe is infected by Win32:Trojan-gen

C:\System Volume Information_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP232\A0026770.exe is infected by Win32:Trojan-gen. {VB} - Moved

Neither of these folders exist(ed) on my C: drive

Disable System Restore and reboot; this will get rid of the infected restore points and other restore points. Scan your system again; if you have XP, as I suspect, you can schedule a boot-time scan from within avast.

Make sure hidden files and folders are displayed in folder options.

I have hidden files shown, but these folders still don’t exist.

The viruses came up during a boot scan and are now moved to the virus chest - I am just interested in knowing what they are really.

I had 944+ viruses when I scanned the other night with AVG (managed to accrue them in a week somehow) and downloaded avast to see if AVG had missed anything - it found these two. Not sure if it's safe to delete them or not?

  1. you can’t delete from the system volume information folder (whether or not you can see it), it is a protected storage area and the only way to get rid is to disable system restore and boot as I have said!

  2. delete is never the best first option, it’s final, move to the chest where it can do no harm. It can be restored or deleted from here after a week or two. Didn’t avast give the option to move it to the chest?

  3. a google search returns lots of hits for mail.exe; some appear legit, however, you would have specifically installed a program that uses this.

There are also suspicious hits, such as this one http://www3.ca.com/securityadvisor/pest/pest.aspx?id=46273 where it is a mailer to send email with forged headers (spam or infected emails?). You have to do the analysis and decide.

With that many viruses your system could well be seriously compromised and I suggest you also run hijackthis and get an on-line analysis of the log file.
Program & Tutorial - Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast). If you need any help with any of the analysis, let us know.

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster