Win32: Trojan-gen

Sorry, I am sure you hear this a lot, but I just installed Avast and ran the virus check and it found virus Win32: Trojan-gen. What is it and what should I do? I can’t repair it… should I delete it or what? I don’t know how to use this program…

Help me,
billshintos

Hi, first of all, can you answer these questions please?

Which OS are you using? And what is the path and file name Avast reports?

If you answer these I’m sure one of the experts will be along to help you.

I’ve got the same problem. The virus name is Win32:Trojan-gen. {UPX!} The file name is c:\windows\olehelp.exe and the VPS version is 0436-4, 09/03/2004. My OS is Windows XP Home Edition. Please help, I don’t know what to do! ???

Cappysocks
Welcome to the forum.
Please get and run Eddy’s Program. See Shortcuts for ALL to USE in my signature for the link.
Come back here and let us know what you’ve found.

Thank you, Bob. Ok, so I downloaded and ran the analyzer, and it turned out a really long list of bad, and a really long list of good. I don’t know what to do from here. Am I supposed to delete all of the items in the bad database? How do I do that? I’m sorry, I’m just really bad with computers. Thanks for all of your help. :)

In the file result.log, under the header “THESE ITEMS SHOULD BE REMOVED:”, you will find all the things that definitely do not belong on your system. Check them in HijackThis and choose fix.

All items in the databases of the analyzer are double checked. If there is something wrong in one of them, I am sure someone would have reported it to me.

In the “THESE ITEMS SHOULD BE REMOVED” list, it first lists a couple of files, and then it shows running processes. I’ve checked and fixed those above the “running processes” list, but more keep showing up. And I keep getting an alert that I have the virus. So when I looked at the result log again, it shows everything that came up after the HijackThis scan. So I checked everything, and when I clicked fix, I got a warning. When I fix, is it just going to delete those files? How do I know that I’m not going to lose something important? Thank you all for your help!

Go HERE and follow all 8 steps as explained there.

Ok, just a few more questions:

Do I need to download Ad-Aware and Spybot S&D?

Should I install the XP security pack 2?

If, or when, do I turn system restore back on?

Do I run HijackThis anytime a virus is found, or just when it can’t be repaired?

Once again, I appreciate all of your help! It’s great to know that there are decent guys like yourselves who can help people who are not good with computers, like myself.

THANKS!!! ;D

Get and use at least all the applications mentioned in the first table on that page. Do not turn system restore back on after you have finished cleaning your system unless there is really a reason for you to have it on.

cappysocks
I personally use System Restore. What you must realize is that if you make a restore point and your system has a virus, you will get a warning whenever you do a full scan and you can’t fix, move or delete the virus because it’s in a system protected folder. If this happens, you would then again have to disable System Restore in order to clear the files in that folder.
Once your system is completely clean of all viruses and malware, you have to decide if you want to restart System Restore or not. This is a personal choice. I feel safer with it enabled, but some users would rather not use it because it does use large amounts of hard drive space.
Hope this helps.

Cool! Thanks, Guys!!! 8)

Hello everybody!

I am new to this forum as I used different AV software until recently. Now I got a warning about Trojan-gen but I know for sure that Avast is crying wolf in this case. The program in question is the Scenario Creating System which is part of third-party add-ons for the TRS2004 train simulator. I added the program file to the exclusion list (I think that’s what this list is good for), but on a virus scan this program is still recognized as having the Trojan. Of course I just click on the Proceed button. But I believe that a program file that is on the exclusion list should not be checked in a virus scan. Or should I put the full path to the program file itself on the list and not just the path to its program file?

Thank you for your help,

Dralex

If you are getting a virus warning that you believe is a false positive, then, if you can, zip and password protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org. If any other scanners here detect them, it is less likely to be a false positive.

HTH David

Ok, one more thing:

The Spybot - Search & Destroy keeps finding this error, DSO Exploit, and I fix it every time, but it always comes back. Is there anything I can do?

Thanks!

http://forum.avast.com/index.php?board=1;action=display;threadid=7240

Mmmmmmm, just as I thought Avast was bomb proof, I get this trojan! Only to find the only recommendation on the forum is another program! Has Avast no answers to this?

Well, since you give zero information on your detection, we can’t say if your problem is one and the same, because this signature can detect multiple trojans and variants. Not to mention you are opening a topic that is almost 5 years old and much would have changed since this trojan-gen detection.

The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so it is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log

Hi, David R, sorry, just seeing if there’s life out there in Avastland. Would this be of any help?

  c:\system volume imformation \_restore{40acd310-cabc-45a4-97c

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Steps 2 and 6 should get rid of these files.