Is there something new and malicious going around??? A lot of people are getting this warning.
I have the same problem. Avast! Home edition Anti-Virus found:
Win32:Trojan-gen. {VB} (what’s with the different letters VB, VC, etc???) Path: C:\Windows\System32\sysdebug32.exe
When Avast gave the alert, I chose to Delete the file. Apparently, from what others have said online, they were unable to delete this file (maybe designated as a System file?). Well, if an antivirus program gives an alert with delete as an option, it is possible to be deleted in Avast’s case. Otherwise, Safe Mode is how the file is manually deleted.
After research online, Symantec said sysdebug32.exe was from “Trojan-Adwarehelper” & said to delete the registry key: “Allow” = “[URL]” in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
(BTW I don’t use IE, I use Mozilla)
When I did a search of the registry, I found two occurrences of sysdebug32.exe, one being in this key: HKEY_LOCAL_MACHINE\Software\Classes\dtdp (I deleted both).
I use and scanned with Ad-Aware SE, Spybot Search & Destroy, Microsoft AntiSpyware - all found nothing wrong. Ran another scan with Avast - nothing came up. Ran a boot scan with Avast on both drives and each partition - nothing. WinPatrol is VERY protective and never said anything was wrong. Windows Firewall (always enabled) not a word (what’s new). Did six different online free scans from big anti-virus companies such as Symantec and McAfee, nothing found.
The craziest part about this “infection” is I have a PIII 500MHz with maxed-out memory, and although it is well taken care of (reg. defrag, scandisk, Disk Cleanup often, keep the browser caches empty and to a minimum) the poor old thing still bogs down if way too many apps are open; otherwise, it runs like a top! Now if I had a trojan, wouldn’t it typically bog me down? I work on friends’ PCs all the time doing installs along with cleaning out malware and I’ve seen how a PC acts when it’s infected (choke choke). Mine is acting fine - it’s the warnings I’m now getting all of a sudden that are worrisome.
This trojan was found by Avast monitoring while the PC was idle. Every single scan along with monitoring for two years up until now has been clean. I’ve never had a virus since using Avast and have always been protected. This system has been well-maintained and I also run ZoneAlarm Home Firewall. Everything is updated as available and scans are run often. Also installed SP2 as soon as it was available. Absolutely no problems until this sysdebug32.exe came up out of the blue. This was on 3-27-05. I’ve researched online to find a lot of people asking what this trojan is, but haven’t found a solid answer. If you search for “Win32:Trojan-gen. {VB}”, a lot of different hits come up, but none point exactly to this variation AND match sysdebug32.exe. Plus, the anti-virus companies cause so much confusion because every company wants to give its own unique name to a virus or worm. Why this has not been made universal and stick with only one name is astounding. It is very difficult to pinpoint the origin and solution for a problem when the same worm or virus has a different name on each company’s site. It’s like looking for “Bob” in Chicago!
Today, I run Avast Anti-Virus scan, now it finds a new variation - yippee. “Win32:Trojan-gen {Other}” Path: C:\Program Files\Common Files\mscombtl32.exe
This one gets put into the Avast Chest for isolation and it got reported to Avast (waiting to hear back).
I’ve searched online for mscombtl32.exe and there isn’t one hit anywhere (Microsoft, Google, Yahoo, Ask Jeeves…).
Also, I’ve been keeping an eye on Task Manager and there isn’t one new service running (BTW, thanks to blackviper.com the XP services are to a minimum). Even checked in msconfig and checked files running in WinPatrol - nothing new running.
So is this a new trojan that is just being discovered by users or are these both “false alarms”? It would be comforting just to be able to get a straight answer online, especially if there is no malicious program on the computer. But we’re all looking for needles in the haystacks because anti-virus companies want to name the same virus differently from other companies. This problem seriously needs to be addressed. Do you know how many different ways you can search for “Win32:Trojan-gen. {VB}”??? You can take out the “in”, you can replace the colons with periods, it goes on and on but should only have ONE SIMPLE NAME that people can reasonably find.
So if these warnings are true, then it either came from the “Arcade! Classic Arcade” game or from themeworld.com for the Dale Earnhardt “Pass in the Grass” Theme or from my slow dialup connection to the Internet :). Yes, those were scanned and showed “clean” BEFORE they were installed. And Yes, I’ve looked online for the Theme problems possibly being infected, too - nothing. I rarely install anything new and keep my system locked down and settings as high as they go.
Good Luck everybody and hopefully somebody, soon, will be able to let people know what’s going on.